This repository has been archived by the owner on Feb 8, 2021. It is now read-only.

Securities feature #5

Closed
ickc opened this issue Jan 14, 2017 · 1 comment

@ickc
Member

ickc commented Jan 14, 2017

Split off from #2:

  1. Trust 3rd-party package managers (e.g. pip, cabal), because we cannot do anything about this.

  2. For simple packages that pandocpm installs directly, either

    1. point to a particular commit (security by SHA-1 and by our sanitization in the pull request of the formula)

    2. point to a centralized repo (see An optional centralized repository for simple packages #8) that I might create later, under pandoc-extras. In this case it can point to the latest commit. (security by our sanitization in pull requests to that repository)

Edit: It almost goes without saying: HTTPS should be required in any URLs.
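
One way the rules in the comment above could be checked when a formula is reviewed. This is an example added here, not pandocpm's code: the `url` and `ref` field names and the github.com location of pandoc-extras are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical formula fields (not pandocpm's real schema): "url" and "ref".
FULL_SHA1 = re.compile(r"[0-9a-f]{40}")
# Assumed location of the centralized repository mentioned in the issue.
CENTRAL_HOST = "github.com"
CENTRAL_PREFIX = "/pandoc-extras/"


def is_full_sha1(ref):
    """True only for a complete 40-hex commit id, not a branch, tag or short hash."""
    return isinstance(ref, str) and FULL_SHA1.fullmatch(ref.lower()) is not None


def check_formula(formula):
    """Return the list of policy violations for one simple-package formula."""
    problems = []
    url = urlsplit(formula.get("url", ""))
    if url.scheme != "https":
        problems.append("url must use https")
    if not url.hostname:
        problems.append("url has no host")

    central = url.hostname == CENTRAL_HOST and url.path.startswith(CENTRAL_PREFIX)
    ref = formula.get("ref")
    if central:
        # Option 2: the reviewed central repo may track its latest commit,
        # so a missing ref is allowed; a ref that is given must still be exact.
        if ref is not None and not is_full_sha1(ref):
            problems.append("ref must be a full 40-hex commit SHA-1")
    elif not is_full_sha1(ref):
        # Option 1: any other source must be pinned, because a branch or tag
        # can be moved after the formula was reviewed.
        problems.append("source must be pinned to a full 40-hex commit SHA-1")
    return problems


if __name__ == "__main__":
    # Constructed sample formulas, not taken from any real package list.
    pinned = "0123456789abcdef0123456789abcdef01234567"
    samples = [
        {"url": "https://github.com/example/filter", "ref": pinned},
        {"url": "https://github.com/example/filter", "ref": "master"},
        {"url": "http://github.com/example/filter", "ref": pinned},
        {"url": "https://github.com/pandoc-extras/simple-packages"},
    ]
    for formula in samples:
        print(formula["url"], formula.get("ref"), check_formula(formula))
```
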

@ickc
Member Author

ickc commented Jan 21, 2017

@sergiocorreia, I guess this is considered to be finalized? I'll close it for now and if you have an objection you can reopen it.

@ickc ickc closed this as completed Jan 21, 2017
@ickc ickc mentioned this issue Jan 23, 2017
5 tasks