-
crev
Socially scalable Code REView and recommendation system that we desperately need. See http://github.com/crev-dev/cargo-crev for real implemenation.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
gecko-dev
Read-only Git mirror of the Mercurial gecko repositories at https://hg.mozilla.org. How to contribute: https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html
Since the audits are designed to be used at a per project level and contributed directly into the VCS repo (allowing you to using git signing for example) I don't quite understand what additional off-line cryptographic signatures are required here (considering that Cargo's lockfiles already contain a hash of the crate which would prevent the project from getting an altered version of a crate accidentally and that SHA validation is being considered as part of vet as well https://github.com/mozilla/cargo-vet/issues/116).
Alternatives to cargo-vet that has been mentioned before here on HN:
- https://github.com/crev-dev/crev
- https://github.com/vouch-dev/vouch
Anyone know of any more alternatives or similar tools already available?
Alternatives to cargo-vet that has been mentioned before here on HN:
- https://github.com/crev-dev/crev
- https://github.com/vouch-dev/vouch
Anyone know of any more alternatives or similar tools already available?
Does anyone have a link to Mozilla's audits.toml?
I found one in Mozilla's GitHub[1], but it only had five entries.
[1] https://github.com/mozilla/gecko-dev/blob/64f3b7d019700f4fe3...
Related posts
-
NPM repository flooded with 15,000 phishing packages
-
The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates.
-
Crev – Socially scalable Code REView and recommendation system
-
Hard disk LEDs and noisy machines
-
50% new NPM packages are spam