Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

system config: allow to add constraints related to asdf plugins #600

Open
XaF opened this issue Jun 23, 2024 · 0 comments
Open

system config: allow to add constraints related to asdf plugins #600

XaF opened this issue Jun 23, 2024 · 0 comments
Labels
enhancement New feature or request security

Comments

@XaF
Copy link
Owner

XaF commented Jun 23, 2024

asdf can be a risk for supply chain attacks, since highly depending on plugins.

We should add a configuration option at the system-level that would:

  • allow/deny list asdf plugins: this would prevent using for instance the python plugin if only the go plugin is allowed
  • force repos/commits for some asdf plugins: this would for instance force using repo xxx for the python plugin, on commit yyy

Both of those should of course work together, if denying using the python plugin but allowing the python repo below, python would still not be allowed. By default, an allowed plugin would be with its default omni repo configuration unless other repos/commits specified for that plugin (i.e. allowing python would allow it with the default URL for it, if wanting to allow other URLs, they should be specified)
@XaF XaF added enhancement New feature or request security labels Jun 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@XaF