Dimitri John Ledkov
> Fwiw, I would prefer a build tag...

Ack! Let me try to submit a build tag upstream.
> > This also has a nice compliance side effect - the only other cryptography modules pulled in are crypto/rand and crypto/sha1 neither of which are used to protect information...
This might evade scanners as they will no longer report vulnerabilities for shared libraries. This might work if the ELF note metadata from all the shared libraries is included in...
I also noticed something else: kernels that have a given module not compiled at all still trip up the rule - for example, a kernel compiled with CONFIG_CRAMFS=n still trips up...
/var/lock is a thing. /usr/tmp seems to be absent on Ubuntu. Does any other Linux distribution ship /usr/tmp?
URLs that match the git-checkout repository could be automated by making a change to https://github.com/chainguard-dev/melange. Or indeed we can mass extract and mass commit them. URLs that point to a homepage...
I think first maintainers of melange would like to automate setting the url field to the default/first git-checkout or fetch pipeline url, as that will automatically cover the majority of things. If...
I am not sure I understand what test_ssl_old is doing => in many cases it specifies multiple providers, but then only loads one of them, not both.
Also even with a FIPS module it exits 1. Many automated distribution testing systems expect binaries to exit 0 upon --help / --version calls.
In elastic builds I believe all builds are done first, then tests. We could adopt the same for GHA builds too. Not sure how much work that would be.