muesli
Well, yes, but what's the alternative you're suggesting?
This is why it's important to depend on well-maintained libraries.
If they have good reasons to depend on different versions, they can technically do that.
If that means they're inheriting a security risk from one of their dependencies, though, then it becomes their issue (and yours by inheritance) to deal with.
muesli
There is no importing _random_ shit though. You pin _and_ checksum a dependency with Go modules.
It refuses to build if there's a checksum mismatch.
muesli
But is it really? I think you underestimate how young the language and ecosystem is and ignore what they achieved with "dep" and Go modules in recent years.
It gives you all the tools you need to achieve reproducible builds now.
muesli
We need a system that lets us reproduce a packager's work and confirm that whatever they release was indeed built from a specific source tree without any unintended or even malicious changes.
To achieve that we require reproducible builds, so we can correlate a build with its source tree(s) and dependencies.
Whenever a new package gets released, this would allow independent systems and entities to verify that its contents really match the expectations.
muesli
Thread:
We need to talk about packaging, signatures, checksums and reproducible builds:
On your system you have a keyring of packagers' GPG keys that you inherently trust.
Releases get signed with a key, which verifies the packager as the author, and supposedly lets you and your system trust their contents.
But do you really trust your packagers? How could you? Do you know them personally and monitor their packaging work?
Would you even know if they release a package with malicious content?
muesli
Thank you! Keep in mind this is really still a pre-release. It's nowhere near feature complete (obviously), but I thought it's fun to give everyone the chance to join in and provide feedback as early as possible.
Updates rolling in on pretty much a daily basis right now 😊
YlBi
came across these little fellows walking through the forest.
muesli
The problem isn't the ID, but the pagination response also doesn't use integer values, but generated ID strings. I'm already preparing a PR for go-mastodon.
Hang tight.
muesli
@kaniini It's actually an issue in the upstream go-mastodon client, but I'm working on a pull request for it. Soon, real soon!
muesli
@KitsuneAlicia And I highly appreciate it! It's absolutely important to keep track of thsse things. Attention to detail is important. A constant feedback loop during development is an immensly useful tool to have. As such I'm really looking forward to seeing more tickets and feedback from you!
muesli
Awesome! Just keep in mind we're still at a really early stage in development. It's not expected to be feature complete and there will be bugs... but never hesitate to open tickets!
In return you get the chance to watch a Mastodon client grow on a daily basis and you get to help shape it.
I hope more people find that intriguing and fun, otherwise I wouldn't have published it just yet 😆
muesli
@KitsuneAlicia That probably just means you don't have the qt5-xmlpatterns(-dev) package installed. The bindings for that particular library would be missing, but I don't think Telepathy depends on it in any way. It should probably still build fine. Let me know!
Telephant
Go fetch the latest build of Telephant!
It now supports adding (and removing) extra panes for hashtags, has improved mouse wheel scrolling and a bunch of other, smaller fixes.
Find the links in the README:
muesli
@zatnosk Will eventually clean that up, but it's nothing to worry about. It's initializing a delegate with an empty model, which simply lacks its members.
muesli
I guess the avatar gave it away 😆
muesli
You may have a point there.
muesli
I guess that's possible, I must admit I didn't try that just now. But I'm very certain that pressing the test button does not indicate any battery level whatsoever: it always just fakes the same alarm sound.
muesli
I'm really confused now. That's not how any smoke detector works that I've ever seen.
You press the button, it fakes the alarm sound. No matter how full or empty the battery is: same sound.
Well, I guess unless it's completely empty, then it doesn't beep, but that's kinda expected 😆
muesli
If I'd replace all the smoke alarms in this place with Nests, I'd probably first need to get a mortgage 😂
muesli
Then I guess I have literally the cheapest smoke detector out there, because mine definitely doesn't do that...
Software #developer with a passion for #opensource, who enjoys #golang way too much. Made glow, beehive, knoxite, duf and a bunch of other cool things.If it got a firmware, I'll flash it.
Bobinas P4G is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Bobinas P4G content and data are available under the Creative Commons Attribution 3.0 license.
