You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
asdf can be a risk for supply chain attacks, since highly depending on plugins.
We should add a configuration option at the system-level that would:
allow/deny list asdf plugins: this would prevent using for instance the python plugin if only the go plugin is allowed
force repos/commits for some asdf plugins: this would for instance force using repo xxx for the python plugin, on commit yyy
Both of those should of course work together, if denying using the python plugin but allowing the python repo below, python would still not be allowed. By default, an allowed plugin would be with its default omni repo configuration unless other repos/commits specified for that plugin (i.e. allowing python would allow it with the default URL for it, if wanting to allow other URLs, they should be specified)
The text was updated successfully, but these errors were encountered:
asdf
can be a risk for supply chain attacks, since highly depending on plugins.We should add a configuration option at the system-level that would:
Both of those should of course work together, if denying using the python plugin but allowing the python repo below, python would still not be allowed. By default, an allowed plugin would be with its default
omni
repo configuration unless other repos/commits specified for that plugin (i.e. allowing python would allow it with the default URL for it, if wanting to allow other URLs, they should be specified)The text was updated successfully, but these errors were encountered: