HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Nemo157

no profile record

comments

Nemo157
·há 3 anos·discuss
But you are the second party, there is no third party involved when you use the software for yourself.
Nemo157
·há 3 anos·discuss
You don't need to pay to have an organization, I just created a personal organization to hold my non-experimental source repos.
Nemo157
·há 3 anos·discuss
Since unsoundness is a property of an interface, that private safe function would be unsound but could be used as part of the implementation details of a sound public API.

It's not something I would do personally, and would be something I'd put down as a black mark against using a library as a dependency, but it's nowhere near as bad as doing the same thing on a public API.
Nemo157
·há 3 anos·discuss
Then your code calling `pre_exec` is unsound, it is calling into `foo1` which is not documented to be async-signal-safe. Without any documentation saying otherwise you can't assume a function can be called within weird contexts with non-standard restrictions, and if they update to do something like add an allocation that causes your code to be UB, that's allowed by their documented API.
Nemo157
·há 4 anos·discuss
If you're improving the UI around here it would also be good to see how the list was determined. For automated detection in particular it seems like the tooling used also should be made public to allow testing. I know of at least one dependency that I would expect to turn up on sentry's list that doesn't. (A first guess: a bug in how you handle Rust workspaces, using the root to calculate dependency depth; alternatively a bug in your handling of non-lowercase github usernames, I notice there are only lowercase usernames in the list, but that might just be an artifact of your UI design).
Nemo157
·há 4 anos·discuss
The hash you have is computed from the hash of the content and other data. You would need to send that additional data out-of-band to allow the client to compute the overall hash and verify it. (Not to mention with urls like ipfs://<hash>/some/path you only have the hash of some arbitrary parent node, so there's even more additional data necessary to be able to verify that the content at that path under the hash you have is valid).
Nemo157
·há 4 anos·discuss
A long time ago Cloudflare was experimenting with support for E2E integrity via their public gateway:

https://blog.cloudflare.com/e2e-integrity/

It looks like they've taken the FF addon down and archived the source repo though.