Scott Bailey

FWIW, here is a breakdown of these changes from our internal review... The idea is exactly the same for both regexes, so I'm just going to pick on the second...

This is extremely bizarre. codecov harassed me to add test coverage of the regex changes in this PR, but when I wrote them, I discovered that the regular expressions I'm...

> Are there any workarounds? This is not a complete workaround but has a beneficial effect in nearly all of our environments: ```sh # Enable API backoff and throttling #...

@cburton-godaddy, this is expected behavior for the current implementation. The trick is that tartufo only looks at the entropy of certain strings, namely those that appear to be hexadecimal or...

From a different thread, so it isn't lost in the shuffle: For example from my system's /etc/shadow file, obfuscated by swapping a few characters: ``` $1$SlhiQ2ZF$KusSU.GcrueRsVJXAj6zw1 ``` This would be...

Also, I neglected to mention above that regex-based testing is superior because we can report something like "md5crypt hashed password" instead of "high-entropy" (which might leave people guessing about why...

Well, I thought I'd share some analysis of this issue as we search for the best response to it. Let's start with the underlying assumption that's rarely laid out anywhere....

Hi @sadielbartholomew, I'm in roughly the same place (some tqdm experience, but not with click). I just looked at [the click doc](https://click.palletsprojects.com/en/8.0.x/utils/#showing-progress-bars) and it doesn't seem too dissimilar. FWIW, I...

Rejected. We are not going to rebase on top of an alpha release. :-O

I'm closing this PR; it's been sitting without action for over a year, and clearly: * users apparently aren't too upset about the existing behavior * we really don't need...