Markus Rudy
Markus Rudy
**Which feature do you think can be improved?** The `genpolicy` binary. **How can it be improved?** `genpolicy` is a developer tool that does not necessarily run on the same system...
The spec mandated only the verification of digests in the response headers, not the requested digests. That allowed conformant clients not to validate content at all, leaving the users of...
# The use case Suppose I have a release workflow that builds reproducible container images, for example using [Bazel](https://github.com/bazel-contrib/rules_oci) or [Nix](https://ryantm.github.io/nixpkgs/builders/images/dockertools/) image builders. Reproducibility guarantees that I can rebuild the...
### Issue description The build process for the constellation images is not deterministic. During image creation, we add an additional system user `etcd` to the user database. The user's shadow...
### Issue description The build process for the `constellation` binary is not deterministic. The CLI embeds an OCI image manifest hash for `ghcr.io/edgelesssys/constellation/qemu-metadata-api`. One of the layers consists of files...
Ex: https://github.com/google/glome/actions/runs/13305087395/job/37154173485?pr=195 ``` Installing collected packages: cpplint Successfully installed cpplint-2.0.0 cli/commands.c:404: Add #include for puts [build/include_what_you_use] [4] cli/main.c:71: Add #include for fputs [build/include_what_you_use] [4] glome_test.c:25: Add #include for sscanf [build/include_what_you_use]...
The Rust CLI should be the canonical implementation, because: * It's quicker to iterate on features (e.g. adding a subcommand). * It's safer (memory, types).