07:44 <Wanddsd> I think manual memory management isnt that bothersome. It's the safety that is important, either I want total safety from a GC, from a perfect memory leak detection system or from some other type of static analysis like Rust. Just telling me "dont make mistakes" is really not enough in 2017 (imo)

13:30 <zignube> Is there any intent for ziglang.org to publish a public key and use it to sign downloads?

13:54 <Graven> Hi

13:54 <Graven> im new ;)

16:05 <andrewrk> Hi Graven

16:06 <andrewrk> zignube, the downloads are over https

16:06 <andrewrk> I'll see how much work it is to make the whole site https

16:12 <zignube> andrewrk: I'll take that as a "No" then. Interesting looking language, I hope it succeeds.

16:15 <andrewrk> zignube, I mean you can always compile it yourself. That's the only way to be 100% sure the private key wasn't compromised

16:16 <andrewrk> typically the way that package managers solve this problem is to save the hash of the download once, verify the contents, and make sure future downloads match that hash

16:19 <zignube> zignube: well, yes, that would be preferable to downloading a binary I guess, but I'd still feel safer with that signature. Perhaps I misunderstand, but it would tend to avoid trouble like that reported here,

16:19 <zignube> http://www.theregister.co.uk/2017/10/20/a_total_system_os_reinstall_is_the_only_guaranteed_way_to_totally_rid_your_system_of_this_malware_this_is_a_standard_procedure_for_any_system_compromise_with_the_affection_of_administrator_account/

16:20 <andrewrk> I'm only looking at the URL, but this is relevant only if malware gains root access

16:20 <zignube> Oh sorry, s/zignube:/andrewrk:/

16:21 <zignube> andrewrk: I daresay you're right. Thanks for answering my question.

16:21 <andrewrk> I'll try to work binary signing into future releases

16:21 <andrewrk> it's a bit of work to set up

16:22 <andrewrk> right now ziglang.org provides a hosting service for release binaries but not a verification service

16:24 <zignube> andrewrk: I don't mean to be more annoying than necessary, but.. isn't it just a matter of adding a .sig file alongside the main download? The pub key I guess you'd need to publish for a while to get it established, so to speak, so if an attacker tries to replace it too then people can notice something odd happened. Not trivial in all, I have to admit.

16:25 <andrewrk> zignube, and why is that .sig file to be trusted and not the binary served by the exact same host?

16:25 <andrewrk> if an attacker can compromise the binary download, they can compromise the .sig download

16:25 <andrewrk> and provide their public key instead of mine

16:26 <zignube> andrewrk: they can indeed do those things. But when I verify, my gpg installation will warn me that the signature isn't one I have in my keyring, assuming I already downloaded your valid public key. That would make me wonder what's going on and probably come here to ask.

16:27 <zignube> If that makes sense... I mean, provided I have your valid public key, an attacker can't sneak past that.

16:27 <andrewrk> interesting, that's pretty reasonable

16:28 <zignube> Well, unless that attacker gets your private key too. That would be bad, but if you can make a new programming language I'm pretty sure you're clever enough to keep a key safe.

16:59 <GitHub51> [zig] andrewrk pushed 1 new commit to master: https://git.io/vdNUL

16:59 <GitHub51> zig/master b3d12d2 Andrew Kelley: zig build: fix system libraries not respected for C artifacts...

17:04 <GitHub5> [zig] andrewrk pushed 1 new commit to master: https://git.io/vdNUz

17:04 <GitHub5> zig/master 9b91c76 Andrew Kelley: std.fmt.format supports ints smaller than u8...

17:15 <GitHub160> [zig] andrewrk pushed 1 new commit to master: https://git.io/vdNUh

17:15 <GitHub160> zig/master 1758939 Andrew Kelley: fix compiler crash regarding type name of undefined...

19:46 <GitHub117> [zig] andrewrk pushed 1 new commit to master: https://git.io/vdNYH

19:46 <GitHub117> zig/master a1af7cb Andrew Kelley: report compile error instead of crashing for void in var args...

20:41 <andrewrk> tankfeeder, do you remember, was there an issue for the performance regression recently?

20:48 <GitHub103> [zig] andrewrk pushed 1 new commit to master: https://git.io/vdNsM

20:48 <GitHub103> zig/master c164235 Andrew Kelley: parse-c: improve performance...

20:48 <andrewrk> I just did a performance improvement on the C parser. Building tetris just went from 5.3 seconds to 0.76

21:36 <mjacob> andrewrk: good to know that someone is trying to add a "stack size function" into a programming language

21:37 <mjacob> andrewrk: i have some ideas / comments which are a bit too off-topic for the llvm mailing list, but i'm happy to discuss them here

22:06 <tiehuis> setting the OS/ABI in the elf header to FreeBSD allows the hello world to run as expected, so doesn't seem a major

22:56 <andrewrk> mjacob, I'd like to hear them

22:56 <andrewrk> although I'm going to be AFK for a while

22:57 <mjacob> andrewrk: i need some food before being able to discuss :)

22:57 <mjacob> andrewrk: let me know when you're back; maybe i'm still awake then

22:59 <andrewrk> mjacob, there is also https://github.com/zig-lang/zig/issues/157

22:59 <andrewrk> I can respond asynchronously

23:00 <mjacob> sure, i'll will wrote down the idea and we can defer the "interactive discussion" to later

23:00 <mjacob> s/idea/ideas/