Merge rust-bitcoin/rust-bitcoin#1098: Add cargo crev reminder to readme

ded1a32a59 Add cargo crev reminder to readme (Tobin C. Harding)

Pull request description:

  As suggested by the `cargo-crev` project; add a comment to the readme reminding people to use `cargo-crev` to check their dependencies.

  ### Notes

  Today I explored `cargo-crev`, it was new to me before today. I completed proofs for `bech32`, `rust-bitcoinconsenus`, `bitcoin_hashes`, `rust-secp256k1`, and `rust-bitcoin`. I published the proofs to https://github.com/tcharding/crev-proofs.

  If I'm understanding correctly proofs are only useful if the author is connected to a web of trust. So far I only found @dpc within the active rust-bitcoin devs with a `crev-proofs` repo (that includes an ID). Since he wrote `cargo-crev` its not surprising he has one :) Two other devs have `crev-proofs` repos but they are both incomplete (no ID) so I was unable to climb onto their web, so to speak. I am not a particularly well know dev so I imagine it would be more useful if some of you more well know fellas publish proofs as well.

  If we can get a web of trust between all the regular hackers here then we can start doing reviews/proofs of our dependencies and publishing them.

ACKs for top commit:
  Kixunil:
    ACK ded1a32a59
  apoelstra:
    ACK ded1a32a59
  sanket1729:
    ACK ded1a32a59

Tree-SHA512: c2d3b195a522095fcabcf51bb956b339f3a421541652f646f8e56286ebf850aa106d4acbf4defd344b5b0f57dd9626d1dbafe50c9d54b1436fd9e2c8b434fc07
This commit is contained in:
sanket1729 2022-07-19 14:46:43 -07:00
commit e2b038bf3d
No known key found for this signature in database
GPG Key ID: 648FFB183E0870A2
1 changed files with 3 additions and 0 deletions

View File

@ -31,6 +31,9 @@ Supports (or should support)
For JSONRPC interaction with Bitcoin Core, it is recommended to use
[rust-bitcoincore-rpc](https://github.com/rust-bitcoin/rust-bitcoincore-rpc).
It is recommended to always use [cargo-crev](https://github.com/crev-dev/cargo-crev)
to verify the trustworthiness of each of your dependencies, including this one.
## Known limitations
### Consensus