dpc on master
Fix `--skip-known-owners` and `… (compare)
dpc on master
Fix invalid command suggestion … Merge pull request #266 from zo… (compare)
dpcIMO what they fail to see that people are imperfect, world complex, and there are no perfect solutions. I base crev security on regonition of that, and I just plan to throw a lot of redundancy at the problem, and embrace the fact that trust is not a binary thing - it is subjective, gradual and dynamic.
dpc > it would be better to start again, by doing the research properly,
doing a comparative analysis of:
they also need to be warned - in advance - that only a handful of
people in the world have the mindset to cope with such a task,
Oh, security astronauts. A self selected elite, that would surely change the world to be better, only if the whole world let them, be being more completely different than it is. :D
dpcAlways happy to yell from the corner "I told you so, ha!" :D
dpcMy absolute problem number 1 in
crev, biggest fear, biggest worry: is getting people to enjoy and use it. Anytime someone tells me there's something they don't like I pause and think how can I make it easier, better, more likeble (without compromising the properties of the system of course), and not respond with "oh, if you weren't such a stupid derp, you would know how to use it; go away; you don't deserve to get the glorious benefitrs of my marevelous system".
programmerjake@dpc:matrix.org: Luke responded: http://lists.libre-riscv.org/pipermail/libre-riscv-dev/2019-August/002600.html
dpcThe max flow algorightm might be useful! Thank you!
dpcThe DDoS think... I'm just planing to leave it unadressed just like PGP devs... :D
dpcJust kidding. :D
dpcThe flow algorithm will have to get involved with what we download eventually, yes.
lazy_static 1.4.0. i see that there is already a review for
lazy_static 1.3.0. ideally, crev could drop me into a sub-shell w here i can see the diff between
1.4.0. is there a way to do that? i see that there is a
cargo crev review --diffflag, but i'm not sure what that's supposed to.
reviewcommand. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say
cargo crev reviewinstead?)
lazy_staticand look at
git diff 1.3.0..1.4.0, but that is obviously the wrong workflow.)
dpcCargo crev diff lazy_static
dpc > <@gitter_burntsushi:matrix.org> (also, when i drop into a subshell, it tells me that i can run the
review command. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say
cargo crev review instead?)
dpcThat's a tough one. I'm siding on "not yet", but then there are no imediately plans for breaking changes.
dpcAlso, considering that
crevis mostly for Rust developers, I would expect
cargo installto work quite well for them, no?
shell.nixin github repo. :)
dpcI've added a new command
lookup <query>that lookups crates from crates.io and then sorts them by number or proofs.
Ralithmanually built binaries in a nix system tend to bitrot rapidly
dpcIf there's a way to make it rustls I'm all happy about it.
Ralithoh, the foreign dep? that sucks
Ralithguess we don't have a pure rust git impl
dpccrev keeps track of latest url using the timestamps
Ralithgood to know
dpcThe fact that it's a popular and widely available format is also a plus.
dpcWe just have to review these yaml parsers... 😁
Ralithiirc e.g. the python implementation is unmaintained and has had worrying bug reports open for years
Raliththat is to say, the C reference implementation which python among many other people use
dpcI remember Python's
dpcWhat can I say... Python is just a bad language. :shotsfired: