Comment on tupd 0.6 - small bugfix
ramielrowe@lemmy.world 5 months ago
Gotta be honest, downloading security related software from a random drive is sending off sketchy vibes. Fundamentally, it’s no different than a random untrusted git repo. But, I really would suggest using some source control rather than trying to roll your own with diff archives.
Likewise, I would also suggest adding in some unit and functional tests. Not only would it help maintain software quality, but also build confidence in other folks using the software you are releasing.
S_S@lemy.lol 5 months ago
I totally agree it is no different than a random untrusted git repo, so I believe no additional trust is gained if I uploaded it to any of them
I think version control this way is totally fine, every commit in the linux kernel is mailed as a text diff on the different mailing lists
As of trusting this or any security related software I believe you have to ultimately read and understand the software you are using, or someone you trust has to do it, I can’t do that, I can only answer questions as they arrive
I also agree unit tests are probably a good idea for those reasons as well, I don’t have any right now but I’m open to do them some time or receive patches with them
I like your feedback, thanks for it
ramielrowe@lemmy.world 5 months ago
Git was literally written by Linus to manage the source of the kernel. Sure patches are proposed via mailing list, but the actual source is hosted and managed via git. It is literally the gold standard, and source control is a foundational piece of software development. Same with not just unit tests, but functional testing too. You absolutely should not be putting off testing.
S_S@lemy.lol 5 months ago
I’ve done a lot of testing, not skipping that, writing automated tests are a whole different thing however, it is not as straight forward and is very often skipped for a large amount of projects to be honest
Git was made to handle the sheer amount of commits and people contributing to the linux kernel, the first versions of linux is just Linus uploading the code to a FTP, git is just a tool for Linus to patch his local git tree in a fast way with all the patches he gets from different channels and manage a large public repository
Unlike Linus I’m not planning to be of control of a public development process for my software, so a VCS doesn’t make much sense in my opinion
Before git it was far from standard to use a source control system on small projects that weren’t about to be a public development process anyway, while it is a gold standard for source control today, I don’t think one have to use source control on every software project, like it used to be