Aidan Hobson Sayers

Sure, maybe the default will change, but people may still want to opt out so the flag is still necessary.

We discussed this in an infra team meeting. In summary: - signing rustup is something that's come up before and the only reason we don't do it is we haven't...

For the record, here's how I did it with rustls ``` static KEY: &[u8] = include_bytes!("../keys/key.pem"); static CERT: &[u8] = include_bytes!("../keys/cert.pem"); [...] let mut tls_config: rustls::ServerConfig = rustls::ServerConfig::new(rustls::NoClientAuth::new()); tls_config.set_single_cert( rustls::internal::pemfile::certs(&mut...

In fact, it'd have to be an error at compile time. But perhaps this is actually a useful pattern - it acts as a form of hinting for possible 'magic'...

Current plan is to maintain the status quo, at least until we can talk to the security people at infra meeting next week - my idea of secret management is...

Oh, and there are two high level questions - how to store the secrets, and how to expose them to the application. Blackbox covers mostly the former (with a little...

We're down to just secrets and logs now. Secrets are covered by #2, I'm fine with logs going to disk for now, but at some point we'll probably want a...

Request for clarification: for `clock scan`, is the interest in the free-form scanning or scanning of a particular `-format`? I've found [this flightaware benchmark](https://github.com/flightaware/tclbench/blob/master/clock-scan/bench.tcl) which uses free-form but just want...

I want to point out that it's (relatively) easy to make `clock scan` an incredible amount faster if you break backwards compatibility. From my analysis, the hard part is doing...

> I cannot say that was easy (and the lot of work was not result of the backwards compatibility, trust me). > Well you should choose at last: it is...