--- Log opened Fri Dec 14 00:00:51 2018
00:50 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 252 seconds]
01:03 -!- belcher [~belcher@unaffiliated/belcher] has joined #rust-bitcoin
01:11 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 250 seconds]
01:41 -!- MooNJaCk- [~hiaadsn@179.183.95.7] has joined #rust-bitcoin
01:41 -!- MooNJaCk- [~hiaadsn@179.183.95.7] has quit [Changing host]
01:41 -!- MooNJaCk- [~hiaadsn@unaffiliated/moonjack-] has joined #rust-bitcoin
01:42 -!- MooNJaCk- [~hiaadsn@unaffiliated/moonjack-] has quit [Client Quit]
02:01 < stevenroose> BlueMatt: dpc: yeah so I think this tool is to be used to review dependencies, right? Like we could have a set of "trusted dependencies" for all rust-bitcoin projects where we can review certain versions and once a few people reviewed it, it'd be safe to be used for all rust-bitcoin code. I think it's a lot harder to expect us to review all changes to all the repos of our dependencies continuously.
02:02 < stevenroose> This is also why we miss explicit content commitments in cargo.toml. You can't say "I want v0.1.5; AND hash xxxxxxx". So it's still vulnerable to being served other code.
02:03 < stevenroose> Either through malicous crates.io, override upload of the owner (though I guess that's impossible??), mitm..
02:13 -!- belcher [~belcher@unaffiliated/belcher] has joined #rust-bitcoin
02:16 -!- TamasBlummer1 [~Thunderbi@p200300DD673DE9765F721C25DC46AEC7.dip0.t-ipconnect.de] has joined #rust-bitcoin
02:16 -!- TamasBlummer [~Thunderbi@p200300DD673DE9104D298C6456869AB8.dip0.t-ipconnect.de] has quit [Ping timeout: 264 seconds]
02:16 -!- TamasBlummer1 is now known as TamasBlummer
06:26 < dpc> stevenroose exactly
07:24 -!- schmidty_ [~schmidty@104-7-216-111.lightspeed.austtx.sbcglobal.net] has quit []
08:03 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
09:10 < BlueMatt> sgeisler: yay!
09:11 < BlueMatt> andytoshi: no problem, things seem to keep moving 'round here even without you :)
09:16 < andytoshi> yeah, it's great to see :)
09:17 < andytoshi> stevenroose: so, fwiw we have Cargo.lock committed in the blockstream functionary code (which produces binaries so the .lock will actually be respected) and my plan in future is to actually review any changes to dependencies
11:23 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Remote host closed the connection]
11:44 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
11:52 -!- nothingmuch [~user@62.102.148.130] has joined #rust-bitcoin
11:53 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Remote host closed the connection]
11:54 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
11:56 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Read error: Connection reset by peer]
11:57 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
12:00 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Remote host closed the connection]
12:02 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
12:21 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Remote host closed the connection]
12:23 -!- michaels_ [~michaelsd@208.59.170.5] has joined #rust-bitcoin
12:28 -!- michaels_ [~michaelsd@208.59.170.5] has quit [Ping timeout: 246 seconds]
12:57 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
13:05 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Ping timeout: 250 seconds]
15:55 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
16:02 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Ping timeout: 240 seconds]
17:03 -!- grubles [~grubles@unaffiliated/grubles] has quit [Quit: Leaving]
18:00 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has joined #rust-bitcoin
18:50 -!- michaelsdunn1 [~michaelsd@unaffiliated/michaelsdunn1] has quit [Ping timeout: 250 seconds]
19:39 -!- grubles [~grubles@unaffiliated/grubles] has joined #rust-bitcoin
--- Log closed Sat Dec 15 00:00:52 2018