@ericjmorey
@programming.devI'm hoping uv is able to make itself to Python what Cargo is to rust.
Seems like Pixi is close but confined to the Conda ecosystem.
How would that provide additional security in the particular circumstance of someone having access to the Signal encryption keys on someone's phone?
A secure enclave can already be accessed by the time someone can access the Signal encryption keys , so there's no extra security in putting the encryption keys in the secure enclave.
FYI Submitting an image in the Lemmy "create post" submittion form overrides the URL feild. I'm not sure if anyone submitted a bug about this.
Any thoughts on how to get this up and going?
Someone is going to need to pull a lot of weight in planning, organizing, and leading these meetings, presentations, and projects.
I find that unless you communicate the time and financial cost expectations to participate in groups like this, you'll get a lot of people who are marginally interested and attached to the group and it's purpose. Which may or may not be important in a successful endeavor.
What would we need to do on our first meeting together?
Discuss the questiona you've raised here.
What things would you want to learn in this course? It seems to me that many of us are already quite literate in sub-domains of what we are interested in. Maybe a teacher carousel routine could be adopted? Where we adopt a general “roadmap” curriculum, and, in an ad hoc fashion, assign people to be the instructor for the desired lesson?
This is a what I mean by someone pulling a lot of weight, a teacher carousel has a slim to none chance of working out. One person is going to need to define and implement the vast majority of the curriculum. They'll need to do a lot of research and work in advance.
I've read that. Defining a supplier as someone with whom you have a direct business relationship with seems intentionally narrow in an unhelpful way that just further muddies the waters around the issue at hand. Making something generally available to others means that you're supplying others with that thing. While it's true that you may have no further obligations to those that receive your software, the person receiving the software needs to evaluate their risks around using and depending on that software regardless of the existence of a business relationship with the supplier. Hence supply chain risk evaluation is always necessary. That risk evaluation, or lack thereof, can result in a security problem. These problems can propagate widely within a software ecosystem. This is true with and without the existence of direct business relationships between suppliers and recipients of software.
The whole article can be summarized by saying if you want support services related to the software written by others, negotiate a support agreement related to that software. That has nothing to do with taking a wide or narrow interpretation of the word supplier.
Developers should think about what libraries they trust, but it seems that most of the time they'll choose whatever is most convenient for handling the immediate problems they're working to solve.