[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies

Jacob Lifshay programmerjake at gmail.com
Tue Aug 27 05:03:55 BST 2019

I set up my personal crev-proofs repo at

On Mon, Aug 26, 2019 at 7:40 PM Jacob Lifshay <programmerjake at gmail.com> wrote:
> I found a very interesting article about crev:
> https://wiki.alopex.li/ActuallyUsingCrev
> It's basically making a web of trust to handle making sure that
> dependencies are trustworthy.
> Note that using crev doesn't require GitHub, it just requires a public
> git repo (the author doesn't use GitHub for their repo).
> There's currently only an implementation for Rust and Cargo:
> https://github.com/crev-dev/cargo-crev
> This definitely needs to be integrated into pip, npm, and other
> similar programs.
> Jacob Lifshay

More information about the libre-riscv-dev mailing list