Andrew Gallant
@BurntSushi
(i'm tempted to just git clone lazy_static and look at git diff 1.3.0..1.4.0, but that is obviously the wrong workflow.)
matrixbot
@matrixbot
dpc diff sub command?
dpc cargo crev diff lazy_static

dpc > <@gitter_burntsushi:matrix.org> (also, when i drop into a subshell, it tells me that i can run the review command. i assumed that meant the subshell introduced this command, but it did not. so i guess that should say cargo crev review instead?)

Yes

matrixbot
@matrixbot
Ralith is crev stable enough to be redistributed yet?
dpc That's a tough one. I'm siding on "not yet", but then there are no immediate plans for breaking changes.
matrixbot
@matrixbot
Ralith kay, will keep my package to myself
dpc NixOS? :)
Ralith of course
dpc Also, considering that crev is mostly for Rust developers, I would expect cargo install to work quite well for them, no?
dpc There's even shell.nix in github repo. :)
dpc I've added a new command lookup <query> that looks up crates from crates.io and then sorts them by number of proofs.
Ralith manually built binaries in a nix system tend to bitrot rapidly
matrixbot
@matrixbot
dpc True. I just have a rust-update.sh script that downloads all newest toolchains and rebuilds and reinstalls all the tooling.
matrixbot
@matrixbot
Ralith from the getting started doc, if openssl is a sticking point, why not use rustls?
dpc libgit2 uses ssl
dpc If there's a way to make it rustls I'm all happy about it.
Ralith oh, the foreign dep? that sucks
Ralith guess we don't have a pure rust git impl
matrixbot
@matrixbot
Ralith can the URL associated with an id be changed?
dpc Yes.
dpc crev keeps track of latest url using the timestamps
Ralith good to know
matrixbot
@matrixbot
dpc Is it me or displaying =<version> in latest_t column of verify is pointless? It's just noise and it would be better to display something only if it recommends downgrade or upgrade to a trusted version?
matrixbot
@matrixbot
Ralith btw, for a security tool, you might want to reconsider using such a complicated and often poorly implemented encoding scheme as yaml for core functionality
matrixbot
@matrixbot
dpc I don't know. Yaml is kind of fitting the purpose well. :/
dpc The fact that it's a popular and widely available format is also a plus.
dpc We just have to review these yaml parsers... 😁
Ralith iirc e.g. the python implementation is unmaintained and has had worrying bug reports open for years
Ralith that is to say, the C reference implementation which python among many other people use
dpc I remember Python's yaml.open vs yaml.open_safe... :D
dpc What can I say... Python is just a bad language. :shotsfired:
dpc :D
dpc At the very least they should just oxidize. I thought there are nice libraries for using Rust to write python modules. :)
matrixbot
@matrixbot
Ralith if something is widely implemented wrong, it may not be the implementers' faults
dpc Also, we only use a subset of yaml features ... Very small one.
dpc One could use a shell-script and sed/grep to parse proofs.
matrixbot
@matrixbot
dpc We could maybe use https://github.com/fralalonde/strict-yaml-rust at some point.
matrixbot
@matrixbot

MaulingMonkey > =<version>

I don't know, finding the right column way off to the left takes me a moment. Could be turned green and/or simplified (=? checkmark?) to make it blur together less though.

matrixbot
@matrixbot

MaulingMonkey Andrew Gallant (Gitter): on the off chance you didn't get this done already:

cargo crev diff lazy_static --color -u
cargo crev review lazy_static --diff

Since I already have a 1.3.0 review, this will diff 1.4.0 from it for me (on a crate using 1.4.0) then review

dpc > <@mauling-monkey:matrix.org> > =<version>

I don't know, finding the right column way off to the left takes me a moment. Could be turned green and/or simplified (=? checkmark?) to make it blur together less though.

I like that.

matrixbot
@matrixbot
MaulingMonkey Also, I'm curious what workflows people are using to keep track of updates to crates they've reviewed that they'd like to keep in a reviewed state for the latest version...?
dpc I don't think there's anything explicitly supporting such need, right now.
matrixbot
@matrixbot
MaulingMonkey I guess I can just follow all the crates on crates.io
dpc It's better to just scratch that itch and write yourself a tool to do this. :D
dpc Or make it a cargo crev subcommand
matrixbot
@matrixbot
MaulingMonkey A subcommand could be nice, although I'm wondering what form it would take
MaulingMonkey I can create an issue for some discussion...?
dpc Sure.
dpc I was thinking - list of the deps with newer versions available. Highlight ones that were already: reviewed / trusted.