Tony Arcieri
Tony Arcieri
I think it would probably be okay for `Zeroizing` to be `#[repr(transparent)]` and have a public constructor that takes a mutable reference `&mut T` to its inner value and casts...
I'm not sure I want to add a bunch of unsafe methods to `Zeroizing`. Maybe just add `#[repr(transparent)]` for now.
> The main argument here is that transparency is an independently valuable property, one that TUF can't (at present?) provide. I know Sigstore has already been discussed, but I believe...
> In discussion, people recognized this as a big ask and were concerned about it being difficult to do a good job at this. At the same time, nobody as...
It would be good to talk about Bleichenbacher attacks in the documentation
> Is there any interest in merging these changes back upstream? The main thing that seems tricky about upstreaming this is the lack of a CI story. Is there any...
> If you use a hosted runner, you can have whatever hardware you want, but you have to pay the maintenance costs that come with that. I don't think there...
The existing tags should probably be namespaced like `curve25519-dalek/vX.Y.Z` or `curve25519-dalek-vX.Y.Z` and the old ones deleted. You might be able to write a script or something that can tag the...
It’s unclear to someone who doesn’t know the history of the repo that the non-namespaced pre-4.x tags are for curve25519-dalek. Renaming/namespacing them isn’t that hard.
We can add support for this. It should follow RFC8410: https://datatracker.ietf.org/doc/html/rfc8410#section-7 You can reuse the implementation from the `ed22519` crate. It's the same encoding. I guess just copy and paste...