Search
Saturday, 10th of July 2021, 21:01:08 UTC
3:01:36
beach
Good morning everyone!
4:26:30
leo_song
pjb: thanks, the only concern is just related to the mitm attack, I'm wondering the if the quicklisp check the signature of the dists or packages.
5:54:34
MichaelRaskin
leo_song: how strong is your threat model? I think it checks hashes, but it seems to only use weak hashes…
5:55:31
leo_song
if it has some signature mechanism, I'll be happy
6:03:03
MichaelRaskin
Well, signatures don't add that much over strong checksums downloaded over a safer connection (or verified across two connections)
6:03:22
MichaelRaskin
But checksums used are not strong
6:04:15
moon-child
how weak is weak?
6:04:42
moon-child
md4 weak, or sha1 weak?
6:09:39
MichaelRaskin
Hmm, weird, I am now not sure it actually checks the checksums
6:10:06
MichaelRaskin
It has a sha1 and and md5 for releases, but I cannot find where it checks either
8:18:35
utis
is there a library that can convert an xml document to an sexp?
8:21:52
shka
utis: yes, but usually using selectors is handier
8:22:37
utis
shka: ok, i had a look at lquery, but i guess i don't know enough about xml to make sense of the documentation
8:23:29
shka
gimme a second, i will show you blog post with good example
8:24:22
shka
html is not exactly the XML but you should get the point https://lispcookbook.github.io/cl-cookbook/web-scraping.html
8:26:01
Lord_of_Life_
** NICK Lord_of_Life
8:26:40
shka
utis: anyway, for just parsing xml you would want just plump
Sunday, 11th of July 2021, 9:01:08 UTC