woodruffw
- Karma
- 0
- Created
- ()
- Submissions
- 0
- You shouldn't trust Trusted Publishing (blog.yossarian.net)
- We hardened zizmor's GitHub Actions static analyzer (blog.trailofbits.com)
- Listen to PyPI (miketheman.github.io)
- Brocards for Vulnerability Triage (blog.yossarian.net)
- Open Source Security at Astral (astral.sh)
- Some Flexibility with Go's Sumdb (blog.yossarian.net)
- Serde's borrowing can be treacherous (yossarian.net)
- Moving Beyond the NPM Elliptic Package (soatok.blog)
- Python's splitlines does more than just newlines (yossarian.net)
- Safari has built-in WebDriver support (yossarian.net)
- Supply chain attacks are exploiting our assumptions (blog.trailofbits.com)
- Dear GitHub: no YAML anchors, please (blog.yossarian.net)
- Fun with Finite State Transducers (blog.yossarian.net)
- Show HN: Zizmor, static analysis for GitHub Actions (docs.zizmor.sh)
- Bypassing GitHub Actions policies in the dumbest way possible (blog.yossarian.net)
- Preserving old GitHub Pages URLs while migrating a repo (yossarian.net)
- Making PyPI's test suite 81% faster (blog.trailofbits.com)
- A New ASN.1 API for Python (blog.trailofbits.com)
- Any program can be a GitHub Actions shell (yossarian.net)
- Open Tech Fund vs. Kari Lake [pdf] (opentech.fund)
- Benchmarking OpenSearch and Elasticsearch (blog.trailofbits.com)
- When NULL isn't null: mapping memory at 0x0 on Linux (disconnect3d.pl)
- Don't Recurse on Untrusted Input (blog.trailofbits.com)
- Homebrew's new Git signing key (brew.sh)
- PyPI Now Supports Project Archival (blog.pypi.org)