Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 17:19
    pierwill edited #876
  • 17:19
    pierwill opened #876
  • 17:19
    pierwill review_requested #876
  • 17:14

    pierwill on verify-deps

    build: Verify checksum of gecko… build: verify checksum of node … (compare)

  • Jun 08 19:13
    dependabot[bot] commented #862
  • May 27 02:41

    abandoned-prototype on develop

    Fix two small bugs in officer s… (compare)

  • May 27 02:41
    abandoned-prototype closed #872
  • May 25 02:30
    abandoned-prototype synchronize #872
  • May 21 05:31

    abandoned-prototype on main

    Update deployment docs to use J… initial github action use FLASK_ENV to set default en… and 6 more (compare)

  • May 21 05:31
    abandoned-prototype closed #874
  • May 21 05:31
    abandoned-prototype edited #874
  • May 21 04:56
    r4v5 synchronize #874
  • May 21 04:56

    r4v5 on fix-csrf-upload

    (compare)

  • May 21 04:56

    r4v5 on develop

    fix image upload fix csrf on admin tags Merge pull request #875 from lu… (compare)

  • May 21 04:56
    r4v5 closed #875
  • May 21 04:34
    abandoned-prototype opened #875
  • May 21 04:34
    abandoned-prototype review_requested #875
  • May 21 04:32

    abandoned-prototype on fix-csrf-upload

    fix image upload fix csrf on admin tags (compare)

  • May 21 03:15

    r4v5 on v0.6.5

    (compare)

  • May 21 03:06
    b-meson commented #873
Jack Laxson
@jrabbit
mostly due to package devs fucking up
redshiftzero
@redshiftzero
what would the advantage be?
Jack Laxson
@jrabbit
pipenv bakes in hashes
in the lockfiles and requirements (generated by pipenv lock -r)
redshiftzero
@redshiftzero
we can do that now with pip --require-hashes
we just don't ;)
Jack Laxson
@jrabbit
it makes it plausible
instead of "not something we do"
it's ok if it's too much at once but I can work it into the dockerfile shuffle i wanted to do
redshiftzero
@redshiftzero
using pip --require-hashes is actually better than generating requirements.txt from Pipfile/Pipfile.lock for prod as it doesn't keep the hashes
Jack Laxson
@jrabbit
it does keep the hashes iirc
redshiftzero
@redshiftzero
hmm
redshiftzero @redshiftzero tests
Jack Laxson
@jrabbit
oh weird
it doesn't by default at least...
int10h
@brianmwaters
been some talk tonight about getting OO started here in burlington, VT :heart:
Jack Laxson
@jrabbit
well whats stopping us from just using it in the deploy?
it takes care of the venv for you too which is nice
redshiftzero
@redshiftzero
yeah i would be surprised if they added that: we wrote our own tool for SecureDrop to generate the requirements.txt hashes from Pipfile.lock
Fritz Davenport
@fritzdavenport
(we should have a prod docker)
oh - what architecture are yall usin in prod anyway? EC2?
Jack Laxson
@jrabbit
pipenv does do dev separation tho
which is all we're currently achieving with two requirements.txts rn
redshiftzero
@redshiftzero
(issues like the above along with incredibly annoying breakage causing the occasional need to do stuff like freedomofpress/securedrop#3853 is why i've been steering clear of adding Pipenv for fun unless it's solving a problem)
@fritzdavenport we are on digitalocean
Jack Laxson
@jrabbit
oh that's kind of a political fight between pip and pipenv teams
not really a technical problem
redshiftzero
@redshiftzero
i mean they don't test their releases against pip
that is ... bad (hopefully now they will)
(no shade on their team, maintaining software is hard)
i hope you dont autoupgrade pip on the box you have pipenv in prod :-o
Jack Laxson
@jrabbit
I mean you should pin your software!!
pipenv and pip
thats the moral :P
Fritz Davenport
@fritzdavenport
I herd not awesome things about pipenv
tbh I pip and docker in my work life
Jack Laxson
@jrabbit
is there a good way to do hash pinning then?
or is the idea to push that all onto the docker image COW
Fritz Davenport
@fritzdavenport
Hey - got a fun UX question
I was going to put the upload button in the empty space where the photo would be
The other ticket says to have a "No Photo" photo. Anyone got a good eye and have a good idea how to lay it out
Jack Laxson
@jrabbit
I have discovered something else... the js i will be fixing
I could use some advice on which files are vendor stuff tho
Jack Laxson
@jrabbit
should eslint run in a container? e.g. do people have node/npm?
Freddie Oversteegen
@freddieoversteegen
Hi all. I've been steered toward this project and I'm eager to contribute. First Q: is there a consensus about which logo to use?
seattlepd.photo
@seattlepd.photo:matrix.org
[m]
So.. pricing out VPSs... what are the requirements for running an OpenOversight server?