# SSLAB Students
Cindy (@cindykimxp)
- https://github.com/in-toto/in-toto/pull/357
Kristel (@kristelfung)
- https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup
Yuanrui (@SolidifiedRay)
- https://github.com/in-toto/in-toto/pull/364
- layout tool frontend (D3.js)
Benjamin (@itsbenwu)
- layout tool backend
Isha (@IshaDave)
- https://github.com/in-toto/in-toto/issues/365
- https://github.com/in-toto/layout-web-tool/issues/6
- https://github.com/in-toto/in-toto/blob/develop/layout-creation.md
TODO:
- split custody
- students should talk to each other
- slack channel? :heavy_check_mark:
- another slack channel?
- maybe they feel safer than on cncf
- student meeting once per week (let's aim for Wednesday, 10AM ET) :heavy_check_mark:
- cut Cindy and Kristel some slack over the sommer
- wait for
- Yuanrui to finish in-toto#364
- Isha to submit PR for in-toto#365
- maybe ask Benjamin to in-toto dev env and pick up https://github.com/in-toto/in-toto/issues/355
- later:
- ask Yuanrui and Benjamin
- to set up layout web tool
- browse layout web tool
- live instance, and
- issue tracker
- if that/what strikes their fancy
- point Isha to to layout creation issue + coding task (see below)
## GSoC
Christian (@shibumi)
Jesús (@51v4n)
## Coding Task
TODO: Add to https://github.com/in-toto/layout-web-tool/issues/6
```
*Coding Task: File Tracking for in-toto*
*Some Fun Context:*
The lab's in-toto <https://ssl.engineering.nyu.edu/projects#in-toto>
project provides a way to secure the coding supply chain so that each of
the steps in the process of producing and shipping code can be verified as
having been performed by someone trustworthy, and that the results have not
been tampered with by others in between steps.
*The Task:*
Given two 'snapshots' of a file structure -- 'before' and 'after' --
determine which files have been added, which have been removed, which have
been modified, and which have remained unchanged.
The metadata is provided as Python dictionaries. The keys in the
dictionary are filepaths, and the values are hexadecimal strings
representing the hashes of the corresponding files. The output should be
in the form of four lists of filepaths: 'unchanged', 'modified', 'added',
and 'removed'.
Your code should be readable and roughly follow these lab guidelines
<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_secure-2Dsystems-2Dlab_code-2Dstyle-2Dguidelines&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=T1EefQCGXPhKN2l9DCSKguE1LKHyP9Y543JHKKkfutM&s=f40BpW281emlkNlp5rYYxePW0PZZweghQKR98APCnSA&e=>. Don't worry
too much about style, but write code that is easy to read: provide comments
that explain why things were done one way or another -- comments that focus
on 'why' more than 'what'. I'll judge the code based on whether or not it
works for some sample sets, and whether or not it makes sense, is well
organized, and is well commented.
*Input Example:*
before = {
'one.tgz': '1234567890abcdef',
'foo/two.tgz': '0000001111112222',
'three.txt': '1111222233334444'
'bar/bat/four.tgz': '6677889900112233'
}
after = {
'five.txt': '5555555555555555',
'one.tgz': '1234567890abcdef',
'foo/two.tgz': 'ffffffffffffffff',
'bar/bat/four.tgz': '6677889900112233',
'baz/six.tgz': '6666666666666666'
}
*Output Example:*
unchanged = ['one.tgz', 'bar/bat/four.tgz']
modified = ['foo/two.tgz']
added = ['five.txt', 'baz/six.tgz']
removed = ['three.txt']
*Bonus:*
If you'd prefer to show off a bit, you can write your code to optionally
take a before and an after archive (zip, tar.gz, etc. -- your choice) and
calculate the 'before' and 'after' metadata yourself by calculating hashes
of the files provided. This is not at all required.
```