[libre-riscv-dev] web-of-trust for code reviews to manage trusting dependencies

Jacob Lifshay programmerjake at gmail.com
Tue Aug 27 07:00:21 BST 2019

One other part that's different than Debian is crev is designed to be
mostly independent of the actual method of publishing the code that is
being reviewed. This allows adding web-of-trust based code reviews to
be done and can handle cases such as someone compromising an account
and publishing their malicious code, since all that's needed is for
someone who you transitively trust to review the code and find it to
be malicious.

More information about the libre-riscv-dev mailing list