From 114da242b605abb6dfe4d179361f94995c46078f Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Mon, 5 May 2025 14:50:34 +0200
Subject: [PATCH 1/3] fix: Re-add RUSTSEC-2023-0071 exclusion Part of https://github.com/stackabletech/issues/issues/677 Fixup of #513 operator-rs is using the rsa crate, there is no fix yet
---
 template/deny.toml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/template/deny.toml b/template/deny.toml
index 1d140638..754ea73e 100644
--- a/template/deny.toml
+++ b/template/deny.toml
@@ -1,3 +1,8 @@
+# This file is the source of truth for all oure repos!
+# This includes repos not templated by operator-templating, please copy/paste the file for this repos.
+
+# TIPP: Use "cargo deny check" to check if everything is fine
+
 [graph]
 targets = [
 { triple = "x86_64-unknown-linux-gnu" },
@@ -9,6 +14,17 @@ targets = [
 [advisories]
 yanked = "deny"
+ignore = [
+ # https://rustsec.org/advisories/RUSTSEC-2023-0071
+ # "rsa" crate: Marvin Attack: potential key recovery through timing sidechannel
+ #
+ # No patch is yet available, however work is underway to migrate to a fully constant-time implementation
+ # So we need to accept this, as of SDP 25.3 we are not using the rsa crate to create certificates used in production
+ # setups.
+ #
+ # https://github.com/RustCrypto/RSA/issues/19 is the tracking issue
+ "RUSTSEC-2023-0071",
+]
 [bans]
 multiple-versions = "allow"
From de60c576f70cdad2f99e395c9e01340483519071 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Mon, 5 May 2025 14:53:07 +0200
Subject: [PATCH 2/3] typo
---
 template/deny.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/deny.toml b/template/deny.toml
index 754ea73e..712c16de 100644
--- a/template/deny.toml
+++ b/template/deny.toml
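Review bot: In the `[advisories]` hunk of patch 1/3, the rationale for ignoring RUSTSEC-2023-0071 only says the rsa crate is not used to create production certificates, while the advisory as quoted concerns key recovery through a timing side channel, so the condition that matters is whether any RSA private-key operation runs where a remote party can time it. Because the header comment added in the same patch makes this file the source of truth that is copied into every repo, the exemption also lands in repos that were never assessed for rsa usage, and nothing in the comment says when it should be removed. I would state both the condition and the exit criterion in the comment, e.g. `# Re-evaluate when https://github.com/RustCrypto/RSA/issues/19 is closed, or if any repo starts doing RSA private-key operations on network-facing paths`. If the cargo-deny version in use accepts the table form of an ignore entry, the reason can also travel with the entry so it shows up in tool output: `{ id = "RUSTSEC-2023-0071", reason = "rsa: no constant-time release yet, see RustCrypto/RSA#19" }`.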
@@ -1,4 +1,4 @@
-# This file is the source of truth for all oure repos!
+# This file is the source of truth for all our repos!
 # This includes repos not templated by operator-templating, please copy/paste the file for this repos.
 # TIPP: Use "cargo deny check" to check if everything is fine
From 571632494c7dc4d035b12cd21db9b5e81a3028f9 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Mon, 5 May 2025 16:25:17 +0200
Subject: [PATCH 3/3] Update template/deny.toml
Co-authored-by: Nick <10092581+NickLarsenNZ@users.noreply.github.com>
---
 template/deny.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/deny.toml b/template/deny.toml
index 712c16de..d02a12f4 100644
--- a/template/deny.toml
+++ b/template/deny.toml
@@ -1,7 +1,7 @@
 # This file is the source of truth for all our repos!
 # This includes repos not templated by operator-templating, please copy/paste the file for this repos.
-# TIPP: Use "cargo deny check" to check if everything is fine
+# TIP: Use "cargo deny check" to check if everything is fine
 [graph]
 targets = [