doc: More concise re trust

Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>
2024-05-10 08:31:06 -07:00 · 2024-05-10 08:31:06 -07:00 · c8a68fa727
commit c8a68fa727
parent 95018175fd
1 changed files with 2 additions and 5 deletions
--- a/pull_request_template.md
+++ b/pull_request_template.md
@ -2,11 +2,8 @@
 We welcome your pull request, but because this crate is downloaded about 1.7 million times per month (see https://crates.io/crates/zip),
 and because ZIP file processing has caused security issues in the past (see 
 https://www.cvedetails.com/vulnerability-search.php?f=1&vendor=&product=zip&cweid=&cvssscoremin=&cvssscoremax=&publishdatestart=&publishdateend=&updatedatestart=&updatedateend=&cisaaddstart=&cisaaddend=&cisaduestart=&cisadueend=&page=1
-for the gory details), we have some requirements that help ensure we continuously earn developers' and their clients'
-trust. I (@Pr0methean) am an Amazonian, and although I maintain this crate in a personal capacity (except when fellow Amazonians 
-express new requirements), I still strive to uphold Amazon's Leadership Principles, especially "Earn Trust" (see
-https://www.amazon.jobs/content/en/our-workplace/leadership-principles). But I've received a lot of PRs that didn't initially meet
-the requirements I derived from that LP.
+for the gory details), we have some requirements that help ensure we maintain developers' and their clients' trust.
+This implies some requirements that a lot of PRs don't initially meet.

 This crate doesn't filter out "ZIP bombs" because extreme compression ratios and shallow file copies have legitimate uses; but
 I expect the tools the crate provides for checking that extraction is safe, such as the `ZipArchive::decompressed_size` method in