Comments (6)
I agree that we should not overcomplicate this, I just want to display a warning on console, nothing more :)
For runtime dependency on dotnet script I was thinking of doing that in a second part or integrate it directly in Pretzel.
Anyway, we can leave it for now :)
from pretzel.
Nice idea, that is an old dream of me
But that could be dangerous, we allow anyone to download virtually any files packaged on nuget with the right tag. We need at least to display a warning.
We also need to think about a (simple) dependency system, for plugins needing ScriptCs (dotnet script in a near future).
from pretzel.
Nice idea, that is an old dream of me
😄
Always wanted to build something like this
But that could be dangerous, we allow anyone to download virtually any files packaged on nuget with the right tag. We need at least to display a warning.
Package signing could be the solution to this. But on the other hand: we do that all the time.
But we should at least hash the packages and compare it with a base line to avoid package spoofing.
We also need to think about a (simple) dependency system, for plugins needing ScriptCs (dotnet script in a near future).
If we just follow the dependencies of the nuget packages, plugin authors could just define their dependencies in their package.
from pretzel.
Package signing could be the solution to this. But on the other hand: we do that all the time.
But we should at least hash the packages and compare it with a base line to avoid package spoofing.
That can check integrity and identity but we should signal that we haven't validate/check these plugins and cannot guaranty that they are safe.
If we just follow the dependencies of the nuget packages, plugin authors could just define their dependencies in their package.
I haven't thought of that, that could do it but since it is runtime dependency I think we will have to treat it specifically.
from pretzel.
That can check integrity and identity but we should signal that we haven't validate/check these plugins and cannot guaranty that they are safe.
We can check how the cake guys treat this problem.
I haven't thought of that, that could do it but since it is runtime dependency I think we will have to treat it specifically.
We could advise plugin authors to use Fody.ILMerge instead of fetching dependencies or the new AssemblyLoadContext in netcore3.0 (I'm not sure about net4 support on this).
from pretzel.
But I think we should not overcomplicate, throw in a prototype, check integrity and see if plugin author's will jump on :)
I have a few new plugins in mind and would love to built this feature. Of course manual plugins should work as before.
from pretzel.
Related Issues (20)
- Fix warnings in tests produced by xunit analyzer HOT 1
- Target net462
- Replace ScriptCs by dotnet script HOT 4
- Replace dependencies whish doesn't support netstandard HOT 23
- Release as dotnet core global tool
- Upgrade System.IO.Abstractions to >= 6.0
- Multitarget Pretzel & Pretzel.Tests to net462 & netcoreapp2.2
- Use System.CommandLine.Experimental instead of NDesk.Options
- Use Pretzel and Github Pages for Pretzels own doc's. HOT 21
- Use System.Composition.Convention to simplify plugin development & maintainance HOT 3
- Idea: Liquid components / Razor components HOT 2
- Add release notes on website HOT 1
- Document the release process
- My Post in the dotnet advent HOT 2
- pretzel create is broken if used as global tool on netcoreapp3.0 runtime
- pretzel taste throws PlatformNotSupportedException as global tool when a file is changed
- Make it possible to specify custom mime types for taste
- New release HOT 1
- Virtual Directory Support and Protocol-relative URLs HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pretzel.