Projects in the topic coding


Improve supplychain security in the build service

an idea by kbabioch

In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now RPM files can be scanned for unused signature files that are available upstream and look for potentially unused https:// links, although they are available. These scripts work on a prototype-basis, but there is a lot of follow-up work to do, e.g.:

Updated over 4 years ago. 1 hackers ♥️. 1 follower. Has no hacker: grab it!

Tools to make keysigning fun again (replacement for caff)

an idea by kbabioch

There is a tool called caff, which is the de-facto standard when dealing with keysigning (on a large scale, e.g. after a key signing party). This tool hasn't been touch in years, is written and configured in Perl (hence cannot be read and/or maintained :smile:) and is not easy to package, because of a lot of dependencies, etc. It is not even available in our default repositories (at least for Tumbleweed). In general there seems to be a certain kind of frustration with this software, but there is no real alternative available yet. Ideally the new toolset should allow to organize a complete keysigning party, e.g. it should assist the organizer with:

Updated almost 5 years ago. 8 hacker ♥️. Has no hacker: grab it!

Extend urlwatch to support monitoring of GitHub (and other git) repos

an idea by kbabioch

I'm currently using urlwatch to watch for new releases in upstream projects. It monitors the output of a URL and notifies you about any changes. This works fine for URLs, but there is currently no official support for GitHub. Due to the nature of the GitHub webpages, there is a some change each time you access the page and it is difficult to come up with the right set of filters. Since there is an official API that can be used to ask for changes in a particular repository, it would be nice if urlwatch had support for it. I've worked on a prototype in the past, but never came around to cleaning it up, and making it configurable through urlwatch's configuration files. Upstream is interested in this feature and is willing to merge it.

Updated almost 5 years ago. 3 hacker ♥️. 1 follower. Has no hacker: grab it!