Coconut

> I am deeply suspicious of automatically pulling in additional dependencies. That's what making development go to ****. Because if there is no _friction_ to pulling in a billion dependencies,...

I agree. Low barrier to entry makes things worse. Look at npm or cargo. They all suffer from the same supply chain attack. What are the ways to avoid this?...

> NPM and Cargo are both major successes because of their low barrier to entry. No thank you. If someone truly believes it to be the case, I know everything...

Are you guys discussing design by contracts? I think Ada / SPARK is worth looking into. Probably should not copy what Rust does.

> C3 already has design by contract [@Ccocconut](https://github.com/Ccocconut) Oh, my bad!

There are so many UI frameworks out there. Perhaps gather a couple and have a list with cons and pros.

> Works for me. Here's [option A2 with text that matches the size and weight of the main actions](https://www.figma.com/design/RuFXslbqmGwi7nNgB90r4T/Beta-security-warning?node-id=2811-7539&t=WcLEKeMSEcHxkRL1-1). I prefer the last two, but I think the warning sign...

I believe https://learn.adacore.com/index.html should be added if it is not already. Contains lots of useful books for free! You can have it in PDF form too, all of it.

>  side channel, depending on how this is used, pretty exploitable one as well lol BTW this should use a constant-time base64 encode/decode and constant time comparison.

Oh, by the way, just for the curious, here is the C implementation of the constant-time base64/hex encoding/decoding that resists side-channel attacks: https://git.zx2c4.com/wireguard-tools/tree/src/encoding.c. If you need to check if a...