Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 04:07

    dpc on master

    Update README.md (compare)

  • 04:06

    dpc on master

    Update README.md (compare)

  • 04:06

    dpc on master

    Update README.md (compare)

  • Oct 16 22:29
    dpc opened #257
  • Oct 15 23:48
    dpc commented #256
  • Oct 15 23:47

    dpc on master

    Fix help message for 'id query' Merge pull request #256 from re… (compare)

  • Oct 15 23:47
    dpc closed #256
  • Oct 15 20:50
    remram44 opened #256
  • Oct 15 18:05
    dpc commented #255
  • Oct 15 18:05

    dpc on master

    Fix command 'repo query review' Fix command 'repo git log' Fix command 'repo publish' and 1 more (compare)

  • Oct 15 18:05
    dpc closed #255
  • Oct 15 17:48
    remram44 edited #255
  • Oct 15 17:48
    remram44 edited #255
  • Oct 15 17:48
    remram44 synchronize #255
  • Oct 15 17:32
    remram44 synchronize #255
  • Oct 15 17:30
    remram44 opened #255
  • Oct 15 03:50

    dpc on master

    Generator shell completions (compare)

  • Oct 14 05:41
    dpc opened #254
  • Oct 14 05:29
    dpc commented #251
  • Oct 14 05:18

    dpc on master

    Prepare v0.10.1 release (compare)

Andrew Gallant
@BurntSushi
yeah
Dawid Ciężarkiewicz
@dpc
Got to go now. I should be around later today. Please share your crev publish repo, so I can add it to my WoT. :)
Andrew Gallant
@BurntSushi
thanks for answering my questions! i'm headed to bed soon. here are my proofs so far: https://github.com/BurntSushi/crev-proofs
my goal is to get ripgrep into a state where it's fully trusted.
Dawid Ciężarkiewicz
@dpc
I've pushed the parallel dependency scanning. It's much, much faster now.
Dawid Ciężarkiewicz
@dpc
Also the unclean stuff should be better.
Dawid Ciężarkiewicz
@dpc
dpc/crev#230 cargo crev recomend idea.
Dawid Ciężarkiewicz
@dpc
Ehhh... This new id subcommand is bugging me by its inconsistency. I agree that it is probably more discoverable, but the fact that everything is verb noun and this one is none verb is so meh. :D
matrixbot
@matrixbot
dpc https://github.com/crev-dev - and so we move into github organization; expect some links and stuff like this to be potentially borked for a while.
Masaki Hara
@qnighy
Hi, I wrote a Japanese article introducing cargo-crev https://qiita.com/qnighy/items/34bed9dbd826dc76d3ba -- perhaps no one here is interested in the article itself but I hope it results in more people's involvement.
matrixbot
@matrixbot
dpc That is so awesome!
dpc I'll check Google translate on this later today.
Masaki Hara
@qnighy
My friend also tried cargo-crev and found a bug during review: Robbepop/string-interner#9
matrixbot
@matrixbot
dpc That's a serious bug. So great to see people finding bugs.
matrixbot
@matrixbot
dpc Probably a good idea to fill rustsec advisory and crev one too.
matrixbot
@matrixbot
programmerjake hey, I started a thread evaluating crev on the libre-riscv-dev@lists.libre-riscv.org mailing list: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002562.html
programmerjake you might find that interesting. Luke initially mistakes crev for a code signing and distribution mechanism, so a lot of it may not be useful
matrixbot
@matrixbot
programmerjake feel free to join the conversation on the mailing list if you like: http://lists.libre-riscv.org/mailman/listinfo/libre-riscv-dev
Andrew Gallant
@BurntSushi
that initial response from Luke pretty much makes me want to run in the opposite direction of that mailing list. sorry.
matrixbot
@matrixbot
Andrew Gallant
@BurntSushi
yeah, i read the rest of the thread. sorry, do not want to waste my time talking to someone like that.
matrixbot
@matrixbot
programmerjake ok, well, I tried
Andrew Gallant
@BurntSushi
someone else might though
matrixbot
@matrixbot
programmerjake thanks for taking the time to read the messages anyway
matrixbot
@matrixbot

dpc > <@programmerjake:matrix.org> hey, I started a thread evaluating crev on the libre-riscv-dev@lists.libre-riscv.org mailing list: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002562.html

That is sooo interesting! :D

matrixbot
@matrixbot

dpc BTW. I love the ortodox security community... priding themselves in chasing down a rabit hole of inventing more and more complex beurocracies, and procedures as riddicolous as signing ceremonies with passports. :D

there's absolutely no links to whitepapers, no links to design documentation, no links to reviews, no links to design reviews or
design discussions.

:D

Thanks to how much idiotic their dogma is, they failed to produce anything actually usuable in real world, making themselves just a bunch of "old man yieling at the cloud", while the whole world consider them irrelevant.

dpc 30 or more years, and all they have to show for it is PGP, which is absolutely horribe and pretty much unusable for the wider public.
dpc crev is not aspiring to be a perfect security tool. It goal is to be usable enough to empower the mass-developer to actually be able to improve the current situation... "x10" or "x1000".
matrixbot
@matrixbot
dpc IMO what they fail to see that people are imperfect, world complex, and there are no perfect solutions. I base crev security on regonition of that, and I just plan to throw a lot of redundancy at the problem, and embrace the fact that trust is not a binary thing - it is subjective, gradual and dynamic.
matrixbot
@matrixbot

dpc > it would be better to start again, by doing the research properly,
doing a comparative analysis of:

they also need to be warned - in advance - that only a handful of
people in the world have the mindset to cope with such a task,

Oh, security astronauts. A self selected elite, that would surely change the world to be better, only if the whole world let them, be being more completely different than it is. :D

dpc Always happy to yell from the corner "I told you so, ha!" :D
matrixbot
@matrixbot
dpc I guess I'm being a bit of a jerk now. Anyway. Thanks for sharing info about our humble tool! I am always happy to consider any feedback and improvements, so the more people look at crev, the better. :)
matrixbot
@matrixbot

dpc > no: the users need to be educated and told that under no circumstances
should they violate these procedures. or if they do, they get everything
that they deserve.

Hahahahah. :D

dpc My absolute problem number 1 in crev, biggest fear, biggest worry: is getting people to enjoy and use it. Anytime someone tells me there's something they don't like I pause and think how can I make it easier, better, more likeble (without compromising the properties of the system of course), and not respond with "oh, if you weren't such a stupid derp, you would know how to use it; go away; you don't deserve to get the glorious benefitrs of my marevelous system".
matrixbot
@matrixbot
programmerjake well, I'm still planning on using crev, especially since crev is not trying to be the only security solution, and I'm going to keep spreading the word.
matrixbot
@matrixbot
dpc BTW. 0.9 has been released. Nothing that important there - I just wanted to make sure static binaries work after I've moved repo to github org.
matrixbot
@matrixbot
matrixbot
@matrixbot
dpc I've added this to crev-dev/cargo-crev#45
dpc The max flow algorightm might be useful! Thank you!
dpc The DDoS think... I'm just planing to leave it unadressed just like PGP devs... :D
dpc Just kidding. :D
dpc *thing
dpc The flow algorithm will have to get involved with what we download eventually, yes.
matrixbot
@matrixbot
dpc But that's a good problem to have. Right now it's most important to get users. :)
Andrew Gallant
@BurntSushi
@dpc workflow question: i want to get myself into a position to review lazy_static 1.4.0. i see that there is already a review for lazy_static 1.3.0. ideally, crev could drop me into a sub-shell w here i can see the diff between 1.3.0 and 1.4.0. is there a way to do that? i see that there is a cargo crev review --diff flag, but i'm not sure what that's supposed to.
(also, when i drop into a subshell, it tells me that i can run the review command. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say cargo crev review instead?)
(i'm tempted to just git clone lazy_static and look at git diff 1.3.0..1.4.0, but that is obviously the wrong workflow.)
matrixbot
@matrixbot
dpc diff sub command?
dpc Cargo crev diff lazy_static