@whitequark @Dave_Korn_ Sandstorm isn't a library, you wouldn't use it in a build. It's downloaded over HTTPS.
-
-
Replying to @KentonVarda
@whitequark@Dave_Korn_ We plan to add PGP sigs, but note that npm, gem, etc. don't even have that. If you're bashing them too, fair enough.1 reply 0 retweets 0 likes -
Replying to @KentonVarda
@KentonVarda@Dave_Korn_ I am. My kingdom for a single .deb or even a repository.1 reply 0 retweets 0 likes -
Replying to @whitequark
@whitequark@Dave_Korn_ OK, you have a legitimate concern, just understand that it applies to like 90% of modern web dev tools. :)2 replies 0 retweets 1 like -
Replying to @KentonVarda
@whitequark@Dave_Korn_ I wish there were a PGP-verified package format that worked on all Linux distros.1 reply 0 retweets 1 like -
Replying to @KentonVarda
@whitequark@Dave_Korn_ In any case PGP-verified installs are on the todo list.1 reply 0 retweets 2 likes -
Replying to @KentonVarda
@whitequark@Dave_Korn_ Also if you're going to judge us on security, please read this :) https://docs.sandstorm.io/en/latest/developing/security-practices/ …1 reply 0 retweets 0 likes -
Replying to @KentonVarda
@KentonVarda@Dave_Korn_ yeah, I believe the basic principles behind Sandstorm are great & sound. All too disappointing to see a curlbash.1 reply 0 retweets 0 likes -
Replying to @whitequark
@whitequark@Dave_Korn_ I made a pull request for you. https://github.com/sandstorm-io/sandstorm/pull/901 …1 reply 0 retweets 1 like -
Replying to @KentonVarda
@whitequark@Dave_Korn_ OK, we have PGP-verified installs (and ed25519-verified updates) now. https://blog.sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install.html …3 replies 2 retweets 2 likes
RT @KentonVarda: @whitequark @Dave_Korn_ OK, we have PGP-verified installs (and ed25519-verified updates) now. https://blog.sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install.html …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.