dpc/crev - Gitter

matrixbot

@matrixbot

Moongoodboy{K} hopefully more than dozens soon :3

Dylan DPC

@Dylan-DPC

matrixbot

@matrixbot

dpc

[I] 12-21 22:56 dpc@futex ~/l/crev (master)> cargo build --release; and ./target/release/cargo-crev crev verify deps 
    Finished release [optimized] target(s) in 0.20s
    Updating crates.io index
unknown   0  0  103716  3055881 ~/.cargo/registry/src/github.com-1ecc6299db9ec823/proc-macro2-0.3.5
unknown   0  0    2179     2455 ~/.cargo/registry/src/github.com-1ecc6299db9ec823/pmac-0.1.0
verified  6  6  452540  8704066 ~/.cargo/registry/src/github.com-1ecc6299db9ec823/log-0.4.6
unknown   0  0    5651    60842 ~/.cargo/registry/src/github.com-1ecc6299db9ec823/derive_builder-0.7.0
verified  3  3  967452  1951348 ~/.cargo/registry/src/github.com-1ecc6299db9ec823/either-1.5.0
unknown   0  0 1335499  1904576 ~/.cargo/registry/src/github.com-1ecc6299db9ec823/fnv-1.0.6
(...)

dpc Now you can see how many crates.io downloads given version/package has.

matrixbot

@matrixbot

dpc dpc does not forget: https://github.com/dpc/crev-proofs/commit/3d28669076108398c408a6ab156945f4ba83b273#diff-407ad07adac5f188adb44bb263d139a3R309

matrixbot

@matrixbot

dpc I don't get it... This guy has a bunch of very low quality, incomplete crates, that seem like name squating.

dpc https://crates.io/users/IvanUkhov

dpc Like this one https://crates.io/crates/assert

dpc 26 versions, of a crate that has pretty much one function ...

dpc Or this one ... https://crates.io/crates/database

Dylan DPC

@Dylan-DPC

great

matrixbot

@matrixbot

dpc Suspicious. I'm going to warn some people that use his crates as dependencies to check them.

matrixbot

@matrixbot

dpc Dylan DPC (Gitter): Did you mention you have some experience with documentation-style cli tests? I think it would be great to have some tests like that to ensure the basic functionality is always in good shape end to end.

Dylan DPC

@Dylan-DPC

@dpc i'm writing some integration tests rn

matrixbot

@matrixbot

Moongoodboy{K} >when security is a concern, it might not be appropriate; I recommend switching to tempdir

Moongoodboy{K} author admitted it's not good for production use!

Moongoodboy{K} should put that in your crev comment.

Moongoodboy{K} >>docs for ::random::Default

The default source is the Xorshift128+ algorithm.

what the actual…

Dylan DPC

@Dylan-DPC

welp i'm writing something similar :D

matrixbot

@matrixbot

Moongoodboy{K} …wait, you aren't the same person as dpc.

Dylan DPC

@Dylan-DPC

nope xD

Thomas den Hollander

@ThomasdenH

I refactored recursive-digest a bit.

I'll write some more tests as well.

Dylan DPC

@Dylan-DPC

thanks

Thomas den Hollander

@ThomasdenH

I haven't been able to review crates on Windows, I get the following error:Error: Os { code: 32, kind: Other, message: "Het proces heeft geen toegang tot het bestand omdat het door een ander\r\nproces wordt gebruikt." }

Dylan DPC

@Dylan-DPC

translation :P

Thomas den Hollander

@ThomasdenH

Translated: "The process does not have access to the file because it is in use by another process."

Without backtraces it is difficult to find the cause, but if you have no idea I can investigate some more.

matrixbot

@matrixbot

Moongoodboy{K} ahh, good ol' Windows implicit mandatory file locking :P

matrixbot

@matrixbot

Dtgr Created a proofs repo: https://github.com/Detegr/crev-proofs

Dtgr Only a review for my own crate at the moment though. A bit of a learning curve still with crev.

Dtgr Great job by the way, this is something that is definitely needed.

dpc 👍👍👍

matrixbot

@matrixbot

Moongoodboy{K} :D

Thomas den Hollander

@ThomasdenH

I have found the line, but no solution yet: dpc/crev#93

Dawid Ciężarkiewicz

@dpc

@ThomasdenH Done. Thanks for finding it!

matrixbot

@matrixbot

dpc Release early, release often. v0.2s are out.

matrixbot

@matrixbot

dpc https://users.rust-lang.org/t/cargo-crev-0-2-notes-from-dogfooding-looking-for-automatic-scanning-tools-and-ideas/23480

matrixbot

@matrixbot

dpc Now you can review a crate that is not a dependency via cargo crev review --independent <name> [<version>]

dpc I've also updated stuff to newest cargo, so if you do cargo crev verify deps in a new project, there will be nice progress bar etc. when downloading crates automatically. :)

matrixbot

@matrixbot

dpc Now you can add --url to ID query command to get URLs too

matrixbot

@matrixbot

dpc This option is probably useless... It should probably be the default and only behavior

matrixbot

@matrixbot

dpc https://users.rust-lang.org/t/cargo-crev-0-2-notes-from-dogfooding-looking-for-automatic-scanning-tools-and-ideas/23480/4?u=dpc any opions about using authorship information?

dpc At very least in cargo crev verify deps we could display crate authorship against a list of trusted authors or something in the summary view. The question is how far to take the whole concept.

matrixbot

@matrixbot

Moongoodboy{K} >Summing up: […] [forum, why you no let me copypaste]

Yeah, agreed.

dpc Agreed to which parts exactly?

Moongoodboy{K} That particular paragraph that I quoted.

Moongoodboy{K} …not sure if the website has wonky selection blocking, or I just failed to UI somehow. Anyway:

Moongoodboy{K} >>Summing up: ideally, I would like burntsushi to sign reviews of his own (and other) crates, and not have people trust everything just because it says that allegedly it was authored by burntsushi. 🙂

Yeah, agreed.

matrixbot

@matrixbot

dpc Displaying the whole path to source directory or handy, because one can just copy & paste it, but it also takes a lot of terminal space estate. I wonder what could be done to improve it.

People

Repo info

Activity