Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Dec 03 07:16

    dpc on master

    Make alternatives work both way… (compare)

  • Dec 01 04:14
    kpcyrd commented #130
  • Nov 28 07:21

    dpc on master

    Handle `-u` in `crate info` (compare)

  • Nov 27 06:16

    dpc on master

    Update CHANGELOG Bump version (compare)

  • Nov 27 05:22

    dpc on v0.13.0

    Update CHANGELOG Bump version (compare)

  • Nov 27 03:13

    dpc on master

    Fix CHANGELOG formatting Fix trust proof draft `comment`… Fix the return code of `crate v… (compare)

  • Nov 26 17:02
    dpc commented #267
  • Nov 26 17:02

    dpc on master

    Fix bad command in getting_star… Merge pull request #267 from db… (compare)

  • Nov 26 17:02
    dpc closed #267
  • Nov 26 13:21
    dbrgn opened #267
  • Nov 26 06:22

    dpc on master

    Support better local crates (compare)

  • Nov 20 06:07

    dpc on v0.12.0

    (compare)

  • Nov 20 05:55

    dpc on master

    Update CHANGELOG, bump version (compare)

  • Nov 19 05:47

    dpc on master

    Minore documentation change (compare)

  • Nov 11 22:32
    dpc commented #264
  • Nov 11 21:13

    dpc on master

    Fix `--skip-known-owners` and `… (compare)

  • Nov 09 00:07
    dpc commented #266
  • Nov 09 00:07

    dpc on master

    Fix invalid command suggestion … Merge pull request #266 from zo… (compare)

  • Nov 09 00:07
    dpc closed #266
  • Nov 09 00:07
    dpc closed #265
Masaki Hara
@qnighy
Hi, I wrote a Japanese article introducing cargo-crev https://qiita.com/qnighy/items/34bed9dbd826dc76d3ba -- perhaps no one here is interested in the article itself but I hope it results in more people's involvement.
matrixbot
@matrixbot
dpc That is so awesome!
dpc I'll check Google translate on this later today.
Masaki Hara
@qnighy
My friend also tried cargo-crev and found a bug during review: Robbepop/string-interner#9
matrixbot
@matrixbot
dpc That's a serious bug. So great to see people finding bugs.
matrixbot
@matrixbot
dpc Probably a good idea to fill rustsec advisory and crev one too.
matrixbot
@matrixbot
programmerjake hey, I started a thread evaluating crev on the libre-riscv-dev@lists.libre-riscv.org mailing list: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002562.html
programmerjake you might find that interesting. Luke initially mistakes crev for a code signing and distribution mechanism, so a lot of it may not be useful
matrixbot
@matrixbot
programmerjake feel free to join the conversation on the mailing list if you like: http://lists.libre-riscv.org/mailman/listinfo/libre-riscv-dev
Andrew Gallant
@BurntSushi
that initial response from Luke pretty much makes me want to run in the opposite direction of that mailing list. sorry.
matrixbot
@matrixbot
Andrew Gallant
@BurntSushi
yeah, i read the rest of the thread. sorry, do not want to waste my time talking to someone like that.
matrixbot
@matrixbot
programmerjake ok, well, I tried
Andrew Gallant
@BurntSushi
someone else might though
matrixbot
@matrixbot
programmerjake thanks for taking the time to read the messages anyway
matrixbot
@matrixbot

dpc > <@programmerjake:matrix.org> hey, I started a thread evaluating crev on the libre-riscv-dev@lists.libre-riscv.org mailing list: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002562.html

That is sooo interesting! :D

matrixbot
@matrixbot

dpc BTW. I love the ortodox security community... priding themselves in chasing down a rabit hole of inventing more and more complex beurocracies, and procedures as riddicolous as signing ceremonies with passports. :D

there's absolutely no links to whitepapers, no links to design documentation, no links to reviews, no links to design reviews or
design discussions.

:D

Thanks to how much idiotic their dogma is, they failed to produce anything actually usuable in real world, making themselves just a bunch of "old man yieling at the cloud", while the whole world consider them irrelevant.

dpc 30 or more years, and all they have to show for it is PGP, which is absolutely horribe and pretty much unusable for the wider public.
dpc crev is not aspiring to be a perfect security tool. It goal is to be usable enough to empower the mass-developer to actually be able to improve the current situation... "x10" or "x1000".
matrixbot
@matrixbot
dpc IMO what they fail to see that people are imperfect, world complex, and there are no perfect solutions. I base crev security on regonition of that, and I just plan to throw a lot of redundancy at the problem, and embrace the fact that trust is not a binary thing - it is subjective, gradual and dynamic.
matrixbot
@matrixbot

dpc > it would be better to start again, by doing the research properly,
doing a comparative analysis of:

they also need to be warned - in advance - that only a handful of
people in the world have the mindset to cope with such a task,

Oh, security astronauts. A self selected elite, that would surely change the world to be better, only if the whole world let them, be being more completely different than it is. :D

dpc Always happy to yell from the corner "I told you so, ha!" :D
matrixbot
@matrixbot
dpc I guess I'm being a bit of a jerk now. Anyway. Thanks for sharing info about our humble tool! I am always happy to consider any feedback and improvements, so the more people look at crev, the better. :)
matrixbot
@matrixbot

dpc > no: the users need to be educated and told that under no circumstances
should they violate these procedures. or if they do, they get everything
that they deserve.

Hahahahah. :D

dpc My absolute problem number 1 in crev, biggest fear, biggest worry: is getting people to enjoy and use it. Anytime someone tells me there's something they don't like I pause and think how can I make it easier, better, more likeble (without compromising the properties of the system of course), and not respond with "oh, if you weren't such a stupid derp, you would know how to use it; go away; you don't deserve to get the glorious benefitrs of my marevelous system".
matrixbot
@matrixbot
programmerjake well, I'm still planning on using crev, especially since crev is not trying to be the only security solution, and I'm going to keep spreading the word.
matrixbot
@matrixbot
dpc BTW. 0.9 has been released. Nothing that important there - I just wanted to make sure static binaries work after I've moved repo to github org.
matrixbot
@matrixbot
matrixbot
@matrixbot
dpc I've added this to crev-dev/cargo-crev#45
dpc The max flow algorightm might be useful! Thank you!
dpc The DDoS think... I'm just planing to leave it unadressed just like PGP devs... :D
dpc Just kidding. :D
dpc *thing
dpc The flow algorithm will have to get involved with what we download eventually, yes.
matrixbot
@matrixbot
dpc But that's a good problem to have. Right now it's most important to get users. :)
Andrew Gallant
@BurntSushi
@dpc workflow question: i want to get myself into a position to review lazy_static 1.4.0. i see that there is already a review for lazy_static 1.3.0. ideally, crev could drop me into a sub-shell w here i can see the diff between 1.3.0 and 1.4.0. is there a way to do that? i see that there is a cargo crev review --diff flag, but i'm not sure what that's supposed to.
(also, when i drop into a subshell, it tells me that i can run the review command. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say cargo crev review instead?)
(i'm tempted to just git clone lazy_static and look at git diff 1.3.0..1.4.0, but that is obviously the wrong workflow.)
matrixbot
@matrixbot
dpc diff sub command?
dpc Cargo crev diff lazy_static

dpc > <@gitter_burntsushi:matrix.org> (also, when i drop into a subshell, it tells me that i can run the review command. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say cargo crev review instead?)

Yes

matrixbot
@matrixbot
Ralith is crev stable enough to be redistributed yet?
dpc That's a tough one. I'm siding on "not yet", but then there are no imediately plans for breaking changes.
matrixbot
@matrixbot
Ralith kay, will keep my package to myself
dpc NixOS? :)
Ralith of course
dpc Also, considering that crev is mostly for Rust developers, I would expect cargo install to work quite well for them, no?
dpc There's even shell.nix in github repo. :)
dpc I've added a new command lookup <query> that lookups crates from crates.io and then sorts them by number or proofs.