add sops (mozilla-services/sops)

[adrianosela]

SOPS is an encryption at rest -- secrets management solution -- which allows teams to access secrets in encrypted files by having a minimum number of keys as per configuration, for example a personal PGP key and a shared AWS KMS or GCP KMS key.

• github.com repo: https://github.com/mozilla-services/sops
• godoc.org: https://godoc.org/go.mozilla.org/sops
• goreportcard.com: https://goreportcard.com/report/github.com/mozilla-services/sops
• coverage service link: https://gocover.io/go.mozilla.org/sops
  Note that even though test coverage is hovering around the 50%, it is an in-production repository maintained by a dedicated team of professional engineers at Mozilla.

Make sure that you've checked the boxes below before you submit PR:

• I have added my package in alphabetical order.
• I have an appropriate description with correct grammar.
• I know that this package was not listed before.
• I have added godoc link to the repo and to my pull request.
• I have added coverage service link to the repo and to my pull request.
• I have added goreportcard link to the repo and to my pull request.
• I have read Contribution guidelines, maintainers note and Quality standard.

[avelino]

Review all reportcard topics pls

[kirillDanshin]

I believe that due to a delay with the review this project got some new issues with the go lint. They needs to be fixed or at least discussed before merging.

I took a look in the tests and I this that the tests looks reasonable. Maintainers just omitted some functions with something like x := make([]byte, 32); rand.Read(x), so there's no reason to seriously test that, it's like writing tests for the language itself and for the stdlib.

[adrianosela]

@kirillDanshin The lint fixes are already in the "development" branch of SOPS. Whenever the team decides its a good time to cut a new release, they will be merged to master

[kirillDanshin]

Actually, as I can see the PRs mentioned here are merged in master

[adrianosela]

@kirillDanshin

[kirillDanshin]

@adrianosela here's your commit in sops master: getsops/sops@4b99fa1

Here's the current goreportcard golint:

I saw your commits from that PRs in the master before typing in previous message :)

I think what we can do here is just get them a golint in their CI, so the maintainers can monitor golint warnings before merging pull requests, and we can also fix current issues. Unfortunately, I'm not sure if I'll be able to send them a PR in the near future, so if anyone reading this have some spare time, then go ahead – sops is a great project

[adrianosela]

@kirillDanshin You are correct, my mistake. @avelino SOPS moves too fast to be squashing lint fixes, and the CI on it doesnt require them. How do we move on from here? I believe given that it is a project maintained by a large org (Mozilla) we should let it in; what do you think?

[avelino]

We must presar for quality libraries (I assume this as a premise), not all software/library maintained by large corporations has quality (or thing to be improved).
If it does not meet the minimum quality we are asking for me should not enter, We're not asking much but the least

[avelino]

@adrianosela I saw that you are a project contributor, when you have time to leave the project with the minimum quality we ask to open a new PR please