yossarian (1.3.6.1.4.1.55738)

@yossarian@infosec.exchange
1.5K Followers
137 Following
1.3K Posts

open source interloper; attracts bugs easily

a bit of Yiddish posting

website: https://yossarian.net
blog: https://blog.yossarian.net
github: https://github.com/woodruffw
bluesky: https://bsky.app/profile/yossarian.net
disturbing parallels between the definition of insanity and repeatedly mashing the "retry" button on my failed CI/CD jobs

Using an age keyserver as a demo, this article demonstrates how to add a transparency log to a centralized service step-by-step.

We use Tessera for the tlog, VRFs for privacy, and the Witness Network. It all takes just 500 lines to integrate!

The result of years of work making tlogs accessible.

https://words.filippo.io/keyserver-tlog/?source=Mastodon

Building a Transparent Keyserver

We apply a transparency log to a centralized keyserver step-by-step, in less than 500 lines, with privacy protections, anti-poisoning, and witness cosigning.

zizmor 1.19 is released!

this release includes a new archived-uses audit, plus numerous span enhancements and a huge performance enhancement (over 100x) to the impostor-commit audit, as well as some bug fixes.

full notes here:

https://docs.zizmor.sh/release-notes/#1190

#rust #opensource

Release Notes - zizmor

Abbreviated change notes about each zizmor release.

The fosdem package manager dev room schedule is now live: https://fosdem.org/2026/schedule/track/package-management/
FOSDEM 2026 - Package Management

you don't say
Oh hey we launched a beta today! #ty #python https://astral.sh/blog/ty
ty: An extremely fast Python type checker and language server

ty is an extremely fast Python type checker and language server, written in Rust, and designed as an alternative to mypy, Pyright, and Pylance.

6 hour flight? perfect, that’s just enough time to watch Blade (1998) three more times.
Dependency cooldowns, redux

The package manager in GitHub Actions might be the worst package manager in use today: https://nesbitt.io/2025/12/06/github-actions-package-manager.html
GitHub Actions Has a Package Manager, and It Might Be the Worst

GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning

Andrew Nesbitt