I am not sure what you set out to prove or think you have proven... but the article doesn't give me an indication on either one of those things.
If anything, you have certainly proven that there are still people confident enough to write a blog about something they don't understand. Thanks for that
pyinc is, to my knowledge, the first pure-Python, stdlib-only implementation of a Salsa/Skyframe-style incremental query kernel with a documented from-scratch consistency contract. Prior Python incremental-computation work either targets narrow domains (TA indicators, ML experiment tracking) or depends on a platform (think Palantir Foundry); pyinc is a general-purpose kernel you can vendor into any project. v1.0.1 is now available on pypi!
Exactly. I appreciate the considerations they have already taken, this is definitely a problem that needs to be addressed as agentic AI continues its warpath.
However, this feels to me like widening the attack surface rather than tightening security. I'm going to dig in to this over the next few weeks. Hopefully I prove myself wrong
That aside, I just tested against trufflehog myself. It did take about 10-15%longer for a scan to complete but this is expected. Layerleak is scanning any additional or deleted tags found for the digest while trufflehog only scans the one. I am proud of the project, so I am showing it off. If you dont like, dont use :)
I couldn't find anything comparable to Trufflehog for Docker images, even though I have constantly read articles about "secrets discovered in public images." So I built my own (hopefully) comparable tool.
If anything, you have certainly proven that there are still people confident enough to write a blog about something they don't understand. Thanks for that