[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies
programmerjake at gmail.com
Tue Aug 27 05:03:55 BST 2019
I set up my personal crev-proofs repo at
On Mon, Aug 26, 2019 at 7:40 PM Jacob Lifshay <programmerjake at gmail.com> wrote:
> I found a very interesting article about crev:
> It's basically making a web of trust to handle making sure that
> dependencies are trustworthy.
> Note that using crev doesn't require GitHub, it just requires a public
> git repo (the author doesn't use GitHub for their repo).
> There's currently only an implementation for Rust and Cargo:
> This definitely needs to be integrated into pip, npm, and other
> similar programs.
> Jacob Lifshay
More information about the libre-riscv-dev