Random aside: this extension had absolutely the worst internals of any I've ever looked at. Love the functionality, but really wish I didn't see the spaghetti behind the illusion (source files below). It feels like approaching it as a text classification problem might produce a clean general solution.
https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies/...
https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies/...
For instance, the worst company imaginable may be in charge of software that was once FOSS, and they may change absolutely nothing about it, so it should be fine. However, if a small update is added that does something bad, you should know about it immediately.
The solution seems to be much more clearly in the realm of things like crev: https://github.com/crev-dev/cargo-crev/
Wherein users can get a clear picture of what dependencies are used in the full chain, and how they have been independently reviewed for security and privacy. That's the real solution for the future. A quick score that is available upon display every time you upgrade, with large warnings for anything above a certain threshold.
Related posts
- I think there should be some type of crates verification, especially the popular ones?
- Pip and cargo are not the same
- Security and Correctness in Wasmtime and Cranelift
- Cargo-crev: A cryptographically verifiable code review system for Rust