[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies
Jacob Lifshay
programmerjake at gmail.com
Tue Aug 27 03:40:26 BST 2019
I found a very interesting article about crev:
https://wiki.alopex.li/ActuallyUsingCrev
It's basically making a web of trust to handle making sure that
dependencies are trustworthy.
Note that using crev doesn't require GitHub; it just requires a public
git repo (the author doesn't use GitHub for their repo).
There's currently only an implementation for Rust and Cargo:
https://github.com/crev-dev/cargo-crev
This definitely needs to be integrated into pip, npm, and other
similar programs.
Jacob Lifshay