matrixbot
@matrixbot
dpc True. I just have a rust-update.sh script that downloads all newest toolchains and rebuilds and reinstalls all the tooling.
matrixbot
@matrixbot
Ralith from the getting started doc, if openssl is a sticking point, why not use rustls?
dpc libgit2 uses ssl
dpc If there's a way to make it rustls I'm all happy about it.
Ralith oh, the foreign dep? that sucks
Ralith guess we don't have a pure rust git impl
matrixbot
@matrixbot
Ralith can the URL associated with an id be changed?
dpc Yes.
dpc crev keeps track of latest url using the timestamps
Ralith good to know
matrixbot
@matrixbot
dpc Is it me or displaying =<version> in latest_t column of verify is pointless? It's just noise and it would be better to display something only if it recommends downgrade or upgrade to a trusted version?
matrixbot
@matrixbot
Ralith btw, for a security tool, you might want to reconsider using such a complicated and often poorly implemented encoding scheme as yaml for core functionality
matrixbot
@matrixbot
dpc I don't know. Yaml is kind of fitting the purpose well. :/
dpc The fact that it's a popular and widely available format is also a plus.
dpc We just have to review these yaml parsers... 😁
Ralith iirc e.g. the python implementation is unmaintained and has had worrying bug reports open for years
Ralith that is to say, the C reference implementation which python among many other people use
dpc I remember Python's yaml.open vs yaml.open_safe... :D
dpc What can I say... Python is just a bad language. :shotsfired:
dpc :D
dpc At the very least they should just oxidize. I thought there are nice libraries for using Rust to write python modules. :)
matrixbot
@matrixbot
Ralith if something is widely implemented wrong, it may not be the implementers' faults
dpc Also, we only use a subset of yaml features ... Very small one.
dpc One could use a shell-script and sed/grep to parse proofs.
matrixbot
@matrixbot
dpc We could maybe use https://github.com/fralalonde/strict-yaml-rust at some point.
matrixbot
@matrixbot

MaulingMonkey > =<version>

I don't know, finding the right column way off to the left takes me a moment. Could be turned green and/or simplified (=? checkmark?) to make it blur together less though.

matrixbot
@matrixbot

MaulingMonkey Andrew Gallant (Gitter): on the off chance you didn't get this done already:

cargo crev diff lazy_static --color -u
cargo crev review lazy_static --diff

Since I already have a 1.3.0 review, this will diff 1.4.0 from it for me (on a crate using 1.4.0) then review

dpc > <@mauling-monkey:matrix.org> > =<version>

I don't know, finding the right column way off to the left takes me a moment. Could be turned green and/or simplified (=? checkmark?) to make it blur together less though.

I like that.

matrixbot
@matrixbot
MaulingMonkey Also, I'm curious what workflows people are using to keep track of updates to crates they've reviewed that they'd like to keep in a reviewed state for the latest version...?
dpc I don't think there's anything explicitly supporting such need, right now.
matrixbot
@matrixbot
MaulingMonkey I guess I can just follow all the crates on crates.io
dpc It's better to just scratch that itch and write yourself a tool to do this. :D
dpc Or make it a cargo crev subcommand
matrixbot
@matrixbot
MaulingMonkey A subcommand could be nice, although I'm wondering what form it would take
MaulingMonkey I can create an issue for some discussion...?
dpc Sure.
dpc I was thinking - list of the deps with newer versions available. Highlight ones that were already: reviewed / trusted.
dpc Sort of like cargo outdated.
MaulingMonkey Can do that much with latest_t almost... problem is, I'm constantly switching projects, and not noticing updates for awhile :D
MaulingMonkey Because they're not dependencies of my current project
matrixbot
@matrixbot
MaulingMonkey crev-dev/cargo-crev#238
dpc Hmmm... You could make a project that depends on all the stuff you care about. :D
MaulingMonkey I have that... but it's hundreds of crates long
MaulingMonkey Because of all the indirect dependencies
dpc BurntSushi's worst Rust nightmare - a crate that depends on all other crates. :D
MaulingMonkey I'm trying to filter them down some with findstr but that doesn't like the down arrow unicode
MaulingMonkey Also I'm worried that someone will set a max version requirement, which means I won't be on the latest version for every crate
MaulingMonkey I already have duplicates in the "everything project"
MaulingMonkey :D
dpc Another way would be to just go through all existing proofs, and see if the corresponding crates have updates.