Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 05:44

    dpc on master

    Replace all the short aliases w… Add shortcuts to commonly used … (compare)

  • 04:09
    kornelski commented #284
  • 04:09
    kornelski commented #284
  • 04:08
    kornelski commented #284
  • 04:06
    kornelski commented #284
  • 04:04
    kornelski commented #284
  • 04:03
    kornelski commented #284
  • 03:43
    dpc commented #284
  • 03:19
    kornelski commented #284
  • 03:18
    kornelski commented #284
  • 03:16
    kornelski commented #284
  • 02:59
    dpc commented #284
  • 02:58
    dpc commented #284
  • 02:58
    dpc commented #284
  • 02:57
    dpc commented #284
  • 02:25
    dpc commented #284
  • 02:25
    dpc commented #284
  • 02:19
    dpc commented #284
  • 02:10
    kornelski commented #284
  • 01:52
    Lokathor commented #284
matrixbot
@matrixbot
Ralith from the getting started doc, if openssl is a ticking point, why not use rustls?
dpc libgit2 uses ssl
dpc If there's a way to make it rustls I'm all happy about it.
Ralith oh, the foreign dep? that sucks
Ralith guess we don't have a pure rust git impl
matrixbot
@matrixbot
Ralith can the URL associated with an id be changed?
dpc Yes.
dpc crev keeps track of latest url using the timestamps
Ralith good to know
matrixbot
@matrixbot
dpc Is it me or displaying =<version> in latest_t column of verify is pointless? It's just noise and it would be better to display something only if it recommends downgrade or upgrade to a trusted version?
matrixbot
@matrixbot
Ralith btw, for a security tool, you might want to reconsider using such a complicated and often poorly implemented encoding scheme as yaml for core functionality
matrixbot
@matrixbot
dpc I don't know. Yaml is kind of fitting the purpose well. :/
dpc The fact that it's a popular and widely available format is also a plus.
dpc We just have to review these yaml parsers... 😁
Ralith iirc e.g. the python implementation is unmaintained and has had worrying bug reports open for years
Ralith that is to say, the C reference implementation which python among many other people use
dpc I remember Python's yaml.open vs yaml.open_safe... :D
dpc What can I say... Python is just a bad language. :shotsfired:
dpc :D
dpc At very least they should just oxidize. I though there are nice libraries for using Rust to write python modules. :)
matrixbot
@matrixbot
Ralith if something is widely implemented wrong, it may not be the implementers' faults
dpc Also, we only use a subset of yaml features ... Very small one.
dpc One could use a shell-script and sed/grep to parse proofs.
matrixbot
@matrixbot
dpc We could maybe use https://github.com/fralalonde/strict-yaml-rust at some point.
matrixbot
@matrixbot

MaulingMonkey > =<version>

I don't know, finding the right column way off to the left takes me a moment. Could be turned green and/or simplified (=? checkmark?) to make it blur together less though.

matrixbot
@matrixbot

MaulingMonkey Andrew Gallant (Gitter): on the off chance you didn't get this done already:

cargo crev diff lazy_static --color -u
cargo crev review lazy_static --diff

Since I already have a 1.3.0 review, this will diff 1.4.0 from it for me (on a crate using 1.4.0) then review

dpc > <@mauling-monkey:matrix.org> > =<version>

I don't know, finding the right column way off to the left takes me a moment. Could be turned green and/or simplified (=? checkmark?) to make it blur together less though.

I like that.

matrixbot
@matrixbot
MaulingMonkey Also, I'm curious what workflows people are using to keep track of updates to crates they've reviewed that they'd like to keep in a reviewed state for the latest version...?
dpc I don't think there's anything explicitily supporting such need, right now.
matrixbot
@matrixbot
MaulingMonkey I guess I can just follow all the crates on crates.io
dpc It's better to just scratch that itch and write yourself a tool to do this. :D
dpc Or a make it a cargo crev subcommand
matrixbot
@matrixbot
MaulingMonkey A subcommand could be nice, although I'm wondering what form it would take
MaulingMonkey I can create an issue for some discussion...?
dpc Sure.
dpc I was thinking - list of the deps with newer versions available. Highlight ones that were already: reviewed / trusted.
dpc Sort of like cargo outdated.
MaulingMonkey Can do taht much with latest_t almost... problem is, I'm constantly switching projects, and not noticing updates for awhile :D
MaulingMonkey Because they're not dependencies of my current project
matrixbot
@matrixbot
MaulingMonkey crev-dev/cargo-crev#238
dpc Hmmm... You could make a project that depends on all the stuff you care about. :D
MaulingMonkey I have that... but it's hundreds of crates long
MaulingMonkey Because of all the indirect dependencies
dpc BurntSushi's worst Rust nightmare - a crate that depends on all other crates. :D
MaulingMonkey I'm trying to filter them down some with findstr but that doesn't like the down arrow unicode
MaulingMonkey Also I'm worried that someone will set a max version requirement, which means I won't be on the latest version for every crate
MaulingMonkey I already have duplicates in the "everything project"
MaulingMonkey :D
dpc Another way would be to just go through all existing proofs, and see if the coresponding crates have updates.
MaulingMonkey Yeah, that's sort of what I'm thinking might be the way forward