profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/bac/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

bac/amulet 0

Testing harness and tools for Juju Charms

bac/ansible-local-dev 0

Setup for testing and developing ansible playbooks locally

bac/bundlechanges 0

A Go library to generate the list of changes required to deploy a bundle

bac/bundleservice 0

A simple microservice exposing bundlechanges functionality as an API

bac/bundleservice-charm 0

Juju charm for bundleservice

bac/bundleservice-deb 0

bundleservice debian package source

bac/bundletester 0

A juju charm and bundle test runner

bac/charm-ci-configurator 0

Ci Configurator Charm

bac/charm-openstack-dashboard 0

Juju Charm - OpenStack dashboard

bac/charm-tools 0

Tools for charm authors and maintainers

issue commentpyupio/safety

Vendor dependencies to avoid CVE-2020-5252 issues

Hi Timothée, please review the linked CVE, which was filed by Pyup themselves and the link to pip in my comment.

Based on your comment I'm not sure you understood what I meant by "vendoring". I am suggesting safety track vetted versions of all of their dependencies in their repository and package. By doing that there is no way for a dependency author to sneak in a compromise.

bac

comment created time in a month