Jonas Finnemann Jensen

>> Signing of version-listing responses from pub.dev using a key held by pub.dev (making mirrors less sketchy) > > I assume this is about servers like the pub proxy for...

Sorry, this got a bit long :rofl: If we want to do end-to-end signing I think we should figure out: * Threat model * What do want to protect against?...

Yes, I'm down with adding this to `package:sanitize_html`, feel free to make a PR. ------- But I don't see this in: https://github.github.com/gfm/ OR: https://github.com/gjtorikian/html-pipeline/blob/main/lib/html/pipeline/sanitization_filter.rb I'm not inclined to support tags...

I don't think we should add more parameters to this messaging. But perhaps we can improve the message, I think we're open to that. ---------------- As I understand it the...

Adding parameters makes things more complicated. I was in doubt about whether or not to add the custom message in the first place :) But I figured that a tiny...

@sigurdm is it possible we changed something in `dart pub deps`?

Or maybe around `ensureUpToDate/assertUpToDate` where we no longer check if the YAML file actually exist?

I'm closing this because it's unclear if this will be useful for `analysis_server`. The problem is that even if analysis_server can inject the fix into `pubspec.yaml` and `pubspec.lock`, it won't...

Hmm, on second thought if the IDE only updates `pubspec.yaml`, then the IDE should encourage the user to run `dart pub get` because modification-times has changed. So maybe this isn't...

@pq what is the time budget available for generating a quick-fix? How fast would `dart pub add --json --dry-run` have to be, for this to be an option?