Kunal Mehta
The onion-csr tool just looks like a wrapper around openssl; I suspect it's possible to do this with just plain openssl commands. The tricky part might be adding in the...
I reviewed both the cargo-crev and cargo-vet documentation, and while it seems less mature, my preference is for cargo-vet. cargo-crev is designed for individuals doing reviews, each person gets a...
I'm not exactly sure what the version support is, but we should take this opportunity to move toward deb822 sources: https://lists.debian.org/debian-devel/2021/11/msg00026.html. I believe we can embed the key directly in...
This is probably a good task for a new contributor. Currently the user-agent checks are handled client-side in https://github.com/freedomofpress/securedrop/blob/develop/securedrop/static/js/source.js. Instead, we want to handle it server-side. Probably we could use...
@noumxn go for it!
I think it would be something we add to the source app's base template - https://github.com/freedomofpress/securedrop/blob/develop/securedrop/source_templates/base.html. The simplest way to pass information to all templates is probably to set it...
All good, thanks for being upfront and the PR. Even if this task is taken by then, I'm sure we can find another thing for you to work on :-)
I'm still looking around, but authlib seems very heavy for our pretty minimal needs. I think something smaller that just does JWT/JWS might be a better fit? E.g. https://github.com/jpadilla/pyjwt Via...
I reviewed the libraries listed at : * pyjwt: Clean and straightforward API, code looked to be implemented correctly. No red flags in [past security issues](https://security-tracker.debian.org/tracker/source-package/pyjwt). * python-jose: fork of...
My preference is for per-file license information to facilitate copying/reuse in both directions, us wanting to copy stuff and others wanting to copy our stuff. I've done enough complete copyright...