Pinned Tweet
Joubin
1.2K posts

Joubin
@joubinj
Dad, Husband, Computer Scientists, @OWASP Board, #OWASP Sacramento, Principal Security Architect | Previously: @SizeyApp @NAVSEA @Apple @[email protected]
255.255.255.255 Joined March 2013
485 Following 354 Followers

@mitchellh I get this is about users. But what about projects and their supply chain. I feel vouch can be extended to projects as well, a project is vouched by a community of reviewers. Different communities have different rating systems that represent a vouch. What do you think?

AI eliminated the natural barrier to entry that let OSS projects trust by default. People told me to do something rather than just complain. So I did. Introducing Vouch: explicit trust management for open source. Trusted people vouch for others. github.com/mitchellh/vouch
The idea is simple: Unvouched users can't contribute to your projects. Very bad users can be explicitly "denounced", effectively blocked. Users are vouched or denounced by contributors via GitHub issue or discussion comments or via the CLI.
Integration into GitHub is as simple as adopting the published GitHub actions. Done. Additionally, the system itself is generic to forges and not tied to GitHub in any way.
Who and how someone is vouched or denounced is up to the project. I'm not the value police for the world. Decide for yourself what works for your project and your community.
All of the data is stored in a single flat text file in your own repository that can be easily parsed by standard POSIX tools or mainstream languages with zero dependencies.
My hope is that eventually projects can form a web of trust so that projects with shared values can share their vouch lists with each other (automatically) so vouching or denouncing a person in one project has ripple effects through to other projects.
The idea is based on the already successful system used by @badlogicgames in Pi. Thank you Mario.
Ghostty will be integrating this imminently.

@doomerzoomer I think there is an implied “it will get cheaper over time” assumption

@LibertyUtil_CA Likely related to this planned outage southtahoenow.com/03/04/2025/alp…

@LibertyUtil_CA Is there a portal to check for those of us in hotels? I don’t have an account and the map seems to require a login.

We'll post estimated restoration times on our outage map as soon as we have them: myaccount.libertyenergyandwater.com/portal/#/PreOu…

@AlyssaM_InfoSec Scary… I’m raising two boys and I will do better! I’d be horrified if these were my kids.


The first person to identify the movie from which this portion of a frame was extracted will get a free t-shirt at atp.fm/store

@SGgrc control tab and control shift tab are the shortcuts to switch between tabs in edge (instead of using alt for the limited range) also you might enjoy cntr shift A for searching among your recent activity… and they have sidebar tabs too :) @MicrosoftEdge is killing it!

Maybe we can start thinking of non sms based authentication and decoupling signal from phone numbers as a primary identity now? Please?
Signal @signalapp
Recently @twilio, which provides SMS verification services for Signal, suffered a phishing attack. Via Twilio, attackers may have accessed phone numbers & SMS registration codes for 1,900 Signal users. 1/

@heycori Same. @USENIXSecurity and @SOUPSConference did a great job requiring masks and vaccines. I love this community.

Negative for COVID antigens after my #soups2022 #usesec22 trip to Boston. Hope others are also healthy and not infectious.

@abbyfuller - DMs are closed now. Is there a proper way to get an invite now?