[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies

Jacob Lifshay programmerjake at gmail.com
Tue Aug 27 05:03:55 BST 2019


I set up my personal crev-proofs repo at
https://github.com/programmerjake/crev-proofs

On Mon, Aug 26, 2019 at 7:40 PM Jacob Lifshay <programmerjake at gmail.com> wrote:
>
> I found a very interesting article about crev:
> https://wiki.alopex.li/ActuallyUsingCrev
>
> It's basically making a web of trust to handle making sure that
> dependencies are trustworthy.
>
> Note that using crev doesn't require GitHub, it just requires a public
> git repo (the author doesn't use GitHub for their repo).
>
> There's currently only an implementation for Rust and Cargo:
> https://github.com/crev-dev/cargo-crev
>
> This definitely needs to be integrated into pip, npm, and other
> similar programs.
>
> Jacob Lifshay



More information about the libre-riscv-dev mailing list