Comments (5)
mtbc
commented on July 26, 2024
Thanks! Thinking of more than just workflows, could be Gemfile, etc. too (what else?): though, also, to avoid maintenance headache, could simply be a note of where to look for dependencies and how to find them in those places, e.g., "look for uses: in .github/workflows/"!
from usrse.github.io.
vsoch
commented on July 26, 2024
I would argue that Gemfile, requirements.txt, are doing exactly that job, and people know to look for them. It seems more error prone to reproduce that information somewhere else and then need to update two places, and probably forget to do one so the second place is wrong.
I guess as a developer I know to look for these files, but if you think it would be helpful you can write a dependencies section and say "to look for Python dependencies, see X. for ruby, see Y, and workflows, see Z."
My impression is that we have pretty good docs in the README and the main problem is that people don't read them, lol.
from usrse.github.io.
mtbc
commented on July 26, 2024
Aha. I keep being surprised by where I find dependencies but you may be right that, for anyone who actually needs to check them, they already know where to look!
from usrse.github.io.
vsoch
commented on July 26, 2024
@mtbc I'm actually working on software for this (just stumbled on the issue!) check out https://github.com/vsoch/citelang. I haven't added support for gem deps yet, but definitely could if there are suitable APIs available. But indeed it supports GitHub and that sort of thing - here is a current png for our org, first just from the GitHub dependency graph (up to a certain amount of credit / cutoff for just one level)!
And here is where I made the credit cutoff SUPER tiny so we can go in multiple levels of dependencies! Yes, a monster, lol.
Just imagine if there were no cutoff...
I do have a basic set of GitHub actions so far, so if we ever wanted an automated graph or even listing I can make that happen.
from usrse.github.io.
mtbc
commented on July 26, 2024
That is really neat, thank you. The synergy between the secvuln aspect and the due credit aspects had not occurred to me. Of course, for the former, even a simple listing is probably good, could even be grepped or someday fed into an automated checker.
Now I wonder how to graphically show that dependencies themselves share a dependency. Let's not open that can of worms!
from usrse.github.io.
Related Issues (20)
- "Add to Calendar" creates entries at the wrong time HOT 12
- Add a page on RSE internship opportunities HOT 2
- New data source for membership counts
- Recommended format for listing times in multiple timezones HOT 4
- Adding speaker series HOT 4
- Add style guide to README HOT 1
- Make preview links on PRs more prominant? HOT 2
- Add wikipedia links to skills? HOT 1
- Facebook and LinkedIn "Share buttons" on blog posts are broken HOT 4
- Footnotes font size is too small to read comfortably HOT 1
- Make transparency log easier to find HOT 2
- Add link to YouTube Channel in Footer HOT 4
- Make Affinity Groups Easier to Find
- Should we use the all-contributors bot on this site? HOT 1
- Fix jump-to-section alignment on website HOT 2
- Add images HOT 4
- Add images for staff page HOT 3
- Bundle install error in website development container
- The menu bar is wider than the minimum width which makes the support and join buttons invisible at some widths HOT 2
- Show election candidates in varying order HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from usrse.github.io.