v1.0.0 release blockers
I think we should ship a v1.0.0 sooner rather than later, so I wanted to get an idea of what folks consider launch blockers. Here are my initial ideas:
- [x] transparent archive support (handle a directory of .tar.gz files) - cc @egibs
- [x] #208
- [x] #231
- [x] #232
- [ ] #233
> transparent archive support (handle a directory of .tar.gz files)
~This may work already; I'll test it out and get back to you.~
Edit: Nope, I'll work on a PR!
Current stats for my macOS 14.4.1 test device, as measured with `sudo go run . --stats /bin /sbin /usr/bin /usr/sbin /usr/libexec /opt/homebrew/bin /opt/homebrew/sbin`:

| Risk Level | Percentage | Count/Total |
|------------|------------|-------------|
| 2/MED      | 48.80%     | 1508/3090   |
| 1/LOW      | 36.25%     | 1120/3090   |
| 0/NONE     | 13.07%     | 404/3090    |
| 3/HIGH     | 1.78%      | 55/3090     |
| 4/CRIT     | 0.10%      | 3/3090      |
Looks like we're just above HIGH threshold on Fedora 38 (6.36%):
```
sudo $HOME/go/bin/bincapz --stats /bin /sbin /usr/bin /usr/sbin /usr/libexec/
```
I think we are probably there with Wolfi false-positive rates. I only ran against the 'a*' packages due to #204 but the stats for them are:

| Risk Level | Percentage | Count/Total |
|------------|------------|-------------|
| 0/NONE     | 37.82%     | 10093/26685 |
| 1/LOW      | 33.40%     | 8914/26685  |
| 2/MED      | 28.66%     | 7648/26685  |
| 3/HIGH     | 0.10%      | 26/26685    |
| 4/CRIT     | 0.01%      | 4/26685     |
I've cleared out the old criteria that we mostly met already, and narrowed it down to 3 final things:
- Compatibility breaking changes #208 #231
- Noisy false-positives - #232
- Basic developer documentation - #233