Re: [RFC PATCH 2/2] Documentation: dev-tools: add kconfirm

Next message: Kuba Piecuch: "Re: [PATCH 07/17] sched_ext: Add topological CPU IDs (cids)"
Previous message: Maxime Chevallier: "[PATCH net-next] net: phy: aquantia: use ADVERTISE_XNP for extended next page advertising"
In reply to: Miguel Ojeda: "Re: [RFC PATCH 2/2] Documentation: dev-tools: add kconfirm"
Next in thread: Nathan Chancellor: "Re: [RFC PATCH 2/2] Documentation: dev-tools: add kconfirm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Gary Guo

Date: Tue Apr 28 2026 - 09:14:43 EST

On Tue Apr 28, 2026 at 12:51 PM BST, Miguel Ojeda wrote:
>
> Then I thought if the same would apply to `clap` etc., but then again,
> we may want to write more tools like this in Rust in the future (we
> already felt the pain in the past the pain of not having a e.g. JSON
> parser), and whether we could have a more general solution for this,
> including perhaps even a kernel.org registry (either as primary or
> not) etc.

Personally, I think if Internet access is needed, downloading from whatever
registry doesn't really matter as long as we can guarantee that it doesn't
download random packages. Cryptographic hashes would be sufficient for that.

For the part of "not downloading random packages" but only those that are
audited by kernel community -- it could be achieved by using cargo-vet and we
can maintain a shared list of vetted dependencies.

Best,
Gary