by MultifokalHirn
82 days ago
I had Copilot take a look through your repository; I will link its finding at the bottom. As a tl;dr for anyone who got interested by the sales pitch of the website: "DevMem is a moderately clever idea — tying AI-generated documentation updates to git commits is a legitimate problem worth solving — expressed in a Go codebase that is not yet production-ready, does not compile as committed, contains a material security misrepresentation in its documentation, and ships approximately one-quarter of the features its website describes. ... The marketing website is polished to a degree inversely proportional to the maturity of the code behind it. The claims about credential security are not merely aspirational — they describe a specific technical mechanism ("macOS Keychain", "system credential store") that simply does not exist in the implementation. Users who trust that claim may store secrets in a file that is one cat command away from exposure." https://github.com/MultifokalHirn/DevMem/blob/copilot/write-...
I had planned for the security to store that in !