Andrew Lilley Brinker

icon indicating a website link www.alilleybrinker.com icon indicating an email [email protected]

icon company @mitre icon location Orange County, California icon location 👷🏻‍♂️ Hipcheck, OmniBOR 🖊️ Open source software, security, memory safety ☕ Coffee, more coffee

Results 131 issues of Andrew Lilley Brinker

Consider using `packageurl::PackageUrl` instead of custom `Purl` type.

3 comment

Right now the crate uses its own `Purl` type, with only hidden fields (which also makes it not terribly useful as-is, except for validation; use of its contents requires `Display`-ing...

Consider using `url::Url` instead of custom `Uri` type.

Similar to #410, but for the `url::Url` type and the internal `Uri` type: https://docs.rs/cyclonedx-bom/0.4.0/cyclonedx_bom/external_models/uri/struct.Uri.html Better not to reinvent the wheel with a limited custom type.

Enable selecting system certificate stores.

1 comment

This commit adds the ability to select what certificate root store to use when making HTTPS connections. Previously, `cargo-release` was configured to use the default for `tame-index`, which is the...

"Invalid peer certificate" when run on network which substitutes certs

10 comment

This issue appears to have arisen between `v0.20.5` and `v0.25.6` (it worked for me on the former version, and now doesn't on the latter). Basically, I'm running on a network...

bug

Generate element relationship information

1 comment

SPDX [permits specification of the relationship between elements](https://spdx.github.io/spdx-spec/relationships-between-SPDX-elements/). There's a pretty substantial list of relationship types that can be represented, and of entities that can be related. The documentation gives...

enhancement

Generate file information

2 comment

SPDX includes [recording of files which are present in a software bundle](https://spdx.github.io/spdx-spec/file-information/). For us at minimum this means specification of files in the current crate.

enhancement

Handle licenses not found in the SPDX license list with the "Other licensing information" section

The SPDX standard includes a [lengthy list of known licenses](https://spdx.github.io/spdx-spec/SPDX-license-list/). In many cases, projects just use those licenses, and no further license specification is necessary. However, sometimes projects _don't_ use...

enhancement

Document that `cargo binstall` can be used to install `cargo-outdated`

`cargo binstall cargo-outdated` works, but you have to know that `cargo binstall` exists and try it out to discover this. It's a much easier experience using the pre-built binaries if...

Remove reference to the Google Groups

2 comment

In general they don't get used, and we're likely better off fully removing them. This is part of a broader discussion regarding the Google Groups, Slack Channel, GitHub Discussions, and...

Link to more conference talks from the website

Including: - [Cloud Native Security Conference 2023, by Frederick Kautz](https://www.youtube.com/watch?v=4xK3Vv_rPbg) - Aeva's ShmooCon talk when it's published - Any others that have been delivered / released where we have videos