dpc on master
Fix `--skip-known-owners` and `… (compare)
dpc on master
Fix invalid command suggestion … Merge pull request #266 from zo… (compare)
dpc > <@programmerjake:matrix.org> hey, I started a thread evaluating crev on the email@example.com mailing list: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002562.html
That is sooo interesting! :D
dpchttp://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002568.html - this one is great; :D
dpc BTW. I love the ortodox security community... priding themselves in chasing down a rabit hole of inventing more and more complex beurocracies, and procedures as riddicolous as signing ceremonies with passports. :D
there's absolutely no links to whitepapers, no links to design documentation, no links to reviews, no links to design reviews or
Thanks to how much idiotic their dogma is, they failed to produce anything actually usuable in real world, making themselves just a bunch of "old man yieling at the cloud", while the whole world consider them irrelevant.
dpc30 or more years, and all they have to show for it is PGP, which is absolutely horribe and pretty much unusable for the wider public.
crevis not aspiring to be a perfect security tool. It goal is to be usable enough to empower the mass-developer to actually be able to improve the current situation... "x10" or "x1000".
dpcIMO what they fail to see that people are imperfect, world complex, and there are no perfect solutions. I base crev security on regonition of that, and I just plan to throw a lot of redundancy at the problem, and embrace the fact that trust is not a binary thing - it is subjective, gradual and dynamic.
dpc > it would be better to start again, by doing the research properly,
doing a comparative analysis of:
they also need to be warned - in advance - that only a handful of
people in the world have the mindset to cope with such a task,
Oh, security astronauts. A self selected elite, that would surely change the world to be better, only if the whole world let them, be being more completely different than it is. :D
dpcAlways happy to yell from the corner "I told you so, ha!" :D
dpcMy absolute problem number 1 in
crev, biggest fear, biggest worry: is getting people to enjoy and use it. Anytime someone tells me there's something they don't like I pause and think how can I make it easier, better, more likeble (without compromising the properties of the system of course), and not respond with "oh, if you weren't such a stupid derp, you would know how to use it; go away; you don't deserve to get the glorious benefitrs of my marevelous system".
programmerjake@dpc:matrix.org: Luke responded: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002600.html
dpcThe max flow algorightm might be useful! Thank you!
dpcThe DDoS think... I'm just planing to leave it unadressed just like PGP devs... :D
dpcJust kidding. :D
dpcThe flow algorithm will have to get involved with what we download eventually, yes.
lazy_static 1.4.0. i see that there is already a review for
lazy_static 1.3.0. ideally, crev could drop me into a sub-shell w here i can see the diff between
1.4.0. is there a way to do that? i see that there is a
cargo crev review --diffflag, but i'm not sure what that's supposed to.
reviewcommand. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say
cargo crev reviewinstead?)
lazy_staticand look at
git diff 1.3.0..1.4.0, but that is obviously the wrong workflow.)
dpcCargo crev diff lazy_static
dpc > <@gitter_burntsushi:matrix.org> (also, when i drop into a subshell, it tells me that i can run the
review command. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say
cargo crev review instead?)
dpcThat's a tough one. I'm siding on "not yet", but then there are no imediately plans for breaking changes.
dpcAlso, considering that
crevis mostly for Rust developers, I would expect
cargo installto work quite well for them, no?
shell.nixin github repo. :)
dpcI've added a new command
lookup <query>that lookups crates from crates.io and then sorts them by number or proofs.
Ralithmanually built binaries in a nix system tend to bitrot rapidly
dpcIf there's a way to make it rustls I'm all happy about it.
Ralithoh, the foreign dep? that sucks
Ralithguess we don't have a pure rust git impl
dpccrev keeps track of latest url using the timestamps
Ralithgood to know
dpcThe fact that it's a popular and widely available format is also a plus.