William Woodruff

Results 657 comments of William Woodruff

Please do! I've done some initial work in #265; feel free to crib from that if it helps.

Could you clarify what unrelated things are currently being grouped? The current mapping is from each load command’s ID to the parsed form, with a generic `LoadCommand` as fallback for...

I have, yeah. Incremental reads would certainly be beneficial in the read-only case (and probably wouldn't add too much complexity), but I'm not so sure about writing. I'm going to...

> But it seems wasteful to read the whole binary (sometimes many megabytes) just to extract the first few kilobytes

Absolutely agree, and relying on hardware (SSDs) probably isn't sustainable....

For reference: the blight repo: https://github.com/trailofbits/blight

One point of confusion: `pip-audit` is already showing this vulnerability when using the default PyPI service, despite it not being present in this database. I guess that's because the PyPI...

> I believe you meant to link https://nvd.nist.gov/vuln/detail/CVE-2022-33124 and not the same GH Advisory as in the previous line.

Ugh, that looks like GitHub being too clever: I actually didn't...

I will admit that I cannot think of a **good** technical reason for storing `__version__` in a separate file -- IME it mostly happens on projects where two mis-patterns interact:...

OSV provides a JSON schema [here](https://github.com/ossf/osv-schema/blob/main/validation/schema.json), so validating against that wouldn't be too hard 🙂

> > > > I had to use `FLIT_USERNAME=__token__`

Yep, this makes sense: the `@token` name was removed before the beta ended.