13 Sep 2019
In reply to @kspaans:matrix.org
Sorry I don't get the video part?
It's an educational material and proof that the work was done.
02:03:31 dpc <@dpc:matrix.org>: Link to video could be in the comment
02:05:00 dpc <@dpc:matrix.org>: If you get like 50 patrons each giving $10/mo then it is good enough to review a package a day or so as a side gig
02:05:30 dpc <@dpc:matrix.org>: Good opportunity for people in low CoL area
02:05:33 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: true, and they can vote on what you reviewed
02:05:53 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: that might work as a simple site
02:06:37 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: another way is bounties, but only respected people can claim them
02:06:53 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: not anonymous people
02:07:03 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: pool bounties
02:12:31 dpc <@dpc:matrix.org>: Pool? I was thinking individual + patreon
02:13:00 dpc <@dpc:matrix.org>: I am quite sure it wouldn't take much to build a good reputation and sustainable base of sponsors
02:13:25 dpc <@dpc:matrix.org>: With video proofs anyone can check so there's no room for cheating
02:26:38 dpc <@dpc:matrix.org>: Reviewing is perfect work to outsource
22:00:32 dpc <@dpc:matrix.org>: https://github.com/RustSec/advisory-db/pull/151#issue-315007449 That was close
14 Sep 2019
02:21:08 Ralith <@ralith:ralith.com>: is that really a security issue?
02:39:52 dpc <@dpc:matrix.org>: I'm not sure.
02:40:10 dpc <@dpc:matrix.org>: But if it were digests that are affected, that would mean all the crev signatures are incorrect. :D
02:57:44 Ralith <@ralith:ralith.com>: that would have been awkward
02:57:59 dpc <@dpc:matrix.org>: Well said.
02:58:11 Ralith <@ralith:ralith.com>: maybe time to go make sure that crate has tests against known good examples
03:00:53 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: dpc
03:01:02 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: bad news, npm is insecure by design :P
03:01:04 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: https://www.npmjs.com/products/enterprise
03:01:13 andrewchambers (Gitter) <@gitter_andrewchambers:matrix.org>: you just gotta buy the enterprise security gateway
03:16:42 dpc <@dpc:matrix.org>: NPM is a tragic history.
03:18:15 dpc <@dpc:matrix.org>: I can highly recommend: https://www.youtube.com/watch?v=MO8hZlgK5zc
03:46:58 dpc <@dpc:matrix.org>: Ehh... cargo developers insist that people should not link the cargo library and use tools like cargo metadata instead. And cargo the library API is ... very weird in some places.
22:07:00 Kyle Spaans <@kspaans:matrix.org>: My friend and recent coworker is the new CTO of NPM, so feel free to give me any feedback you want to go direct to the top :P
15 Sep 2019
00:10:13 dpc <@dpc:matrix.org>: They should help with crev-npm 😜
15:27:00 Kyle Spaans <@kspaans:matrix.org>: Oh they're busy with many other things :P