Rust open source code reviews

Cryptographically verifiable, distributed dependency reviews

Write new review

NEW! Freshly baked new GUI program: cargo_crev_reviews

Write cargo-crev reviews in a Graphical User Interface with a cross-platform app written in rust.

$ cargo install cargo_crev_reviews
$ cargo_crev_reviews


To write new crev reviews:
1. on your developer machine install $ cargo install cargo-crev,
2. create your personal crev ID $ cargo crev id new
3. on GitHub or GitLab fork the repo https://github.com/crev-dev/crev-proofs
Everything is cryptographically signed, so be careful to not forget the passphrase, there's no way to recover it.
Read the Getting Started Guide to know better.

Obsolete old helper to write reviews in VIM

Please, first read prerequisites.
Change uri to choose crate name and version like this /rust-reviews/review_new/{crate_name}/{version}/
- run the bash command (Click to Copy): 
$ cargo crev crate review -u --skip-activity-check num-traits 0.2.11.
- type your crev passphrase to unlock
- VIM will open in Normal mode
- delete the first cc 11 lines with repeating the VIM shortcut dd for delete line 

- in the browser on this webpage write a review in markdown 
- click on Export to yaml
- click on the yaml to copy on click the yaml text

Click to Copy this yaml text and paste it in your VIM editor:

- now in VIM type i to go into VIM Insert Mode 
- mouse right click to paste 
- Esc to go to VIM Normal mode
- type : to go into VIM command mode
- type wq to write and quit 
- now the encryption will kick in 
- Done. Easy?!

Let's repeat it faster, only the part in Vim:
dd * 10 i r_click Esc :wq
It is not so bad.

- check your new review locally $ cargo crev repo query review num-traits
- publish (push to GitHub) $ cargo crev publish

Now everybody can fetch and view your crev review.
On this web site the new review will be fetched once in the next hour.

By the way when you panic in VIM, type Esc and :q or :q! to exit or quit VIM ;-) 
Creating Package Review Proof

A Package Review Proof records results of your review of a version/release of a software package.


It is important that your review is truthful. At the very least, make sure to adjust the `thoroughness` and `understanding` correctly.
Other users might use information you provide, to judge software quality and trustworthiness.
Your Proofs are cryptographically signed and will circulate in the ecosystem.
While there is no explicit or implicitly legal responsibility attached to using `crev` system, other people will most probably use it to judge you, your other work, etc.
By creating and publishing proofs, you implicitly agree to other people freely using them.

Data fields

* `review` - review of particular version of the crate; 
  * `thoroughness` - time and effort spent on the review
    * `high` - long, deep, focused review - possibly as a part of a formal
               security review; "hour or more per file"
    * `medium` - a standard, focused code review of a decent depth;
                 "~15 minutes per file"
    * `low` - low intensity review: "~2 minutes per file"
    * `none` - no review, or just skimming; "seconds per file";
               still useful for a trusted or reputable project
               or when proof is created to warn about problems
  * `understanding`
    * `high` - complete understanding
    * `medium` - good understanding
    * `low` - some parts are unclear
    * `none` - lack of understanding
  * `rating`
    * `strong` - secure and good in all respects, for all applications
    * `positive` - secure and ok to use; possibly minor issues
    * `neutral` - secure but with flaws
    * `negative` - severe flaws and not ok for production usage
* `comment` - human-readable information about this review
              (e.g. why it was done, how, and `rating` explanation)

Other information

More recent proofs overwrite older ones.
This webpage currently helps write a simple review. 
More complex review can be crated in VIM with alternatives, issues and advisories and flags.
Eventually I will add this functionality also to this webpage.

Further reading

wiki page for more information and Frequently Asked Questions, or join
discussion channel.

© Luciano Bestia 2021, MIT Licence, Version: 2020.913.1245

Open source repository for this web app: https://github.com/LucianoBestia/cargo_crev_web/