[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies
programmerjake at gmail.com
Tue Aug 27 03:40:26 BST 2019
I found a very interesting article about crev:
It's basically making a web of trust to handle making sure that
dependencies are trustworthy.
Note that using crev doesn't require GitHub, it just requires a public
git repo (the author doesn't use GitHub for their repo).
There's currently only an implementation for Rust and Cargo:
This definitely needs to be integrated into pip, npm, and other
More information about the libre-riscv-dev