Asdf: Ensure plugins authenticate downloaded files

Created on 12 Feb 2017 · 3 Comments · Source: asdf-vm/asdf

A few plugins seem to be maintained as part of asdf-vm. Please ensure that those plugins properly authenticate downloaded files.

All 3 comments

@ypid good catch.

We have a plugin-test command that ensures plugins work properly and meet our standards. Can you think of a way to automatically check for HTTP downloads in our plugin-test command? I suppose we stub curl and wget and see what arguments they are passed. If it's not automated it's probably not going to happen...

The easiest and most effective step would be to check all source code of plugins and enforce that no unauthenticated legacy HTTP connection attempts are to be made. Ref: https://github.com/asdf-vm/asdf-nodejs/pull/16

And maybe a warning could be given if no gpg command is used which is commonly used to verify signatures.
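The two checks proposed in the comments above (stubbing `curl` and `wget` to inspect their arguments, and scanning plugin source for plaintext HTTP plus a warning when no `gpg` call is present) can be sketched as follows. This is an added example, not part of the original thread and not asdf's `plugin-test` code; the function names, return codes and the assumption that plugin scripts live under `bin/` are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not asdf's plugin-test code. Function names and return
# codes are assumptions; plugin scripts are assumed to live under bin/.

# static_audit PLUGIN_DIR
# Returns 1 if a non-comment line under bin/ contains an http:// URL,
# 2 if none does but no gpg/gpgv call is present (warning), 0 otherwise.
static_audit() {
  local bin_dir="$1/bin" hits
  # grep -rn prints file:line:text; drop lines whose text is only a comment.
  hits=$(grep -rnE 'http://' "$bin_dir" \
    | grep -vE '^[^:]+:[0-9]+:[[:space:]]*#') || true
  if [ -n "$hits" ]; then
    printf 'FAIL: plaintext HTTP URL\n%s\n' "$hits" >&2
    return 1
  fi
  if ! grep -rqwE 'gpgv?' "$bin_dir"; then
    printf 'WARN: no gpg signature verification in %s\n' "$bin_dir" >&2
    return 2
  fi
  return 0
}

# trace_downloads SCRIPT [ARGS...]
# Runs SCRIPT with stub curl/wget first on PATH. The stubs fetch nothing and
# only log their arguments, so URLs assembled from variables are seen too.
# Returns 1 if any logged call used http://, 0 otherwise.
# The script itself is executed: run this in a throwaway environment.
trace_downloads() {
  local stub_dir log tool rc=0
  stub_dir=$(mktemp -d) || return 3
  log="$stub_dir/calls.log"
  : > "$log"
  for tool in curl wget; do
    printf '#!/bin/sh\necho "%s $*" >> "%s"\n' "$tool" "$log" \
      > "$stub_dir/$tool"
    chmod +x "$stub_dir/$tool"
  done
  # The script will usually fail once it needs the missing file; ignore that.
  PATH="$stub_dir:$PATH" "$@" >/dev/null 2>&1 || true
  if grep -i 'http://' "$log" >&2; then rc=1; fi
  rm -rf "$stub_dir"
  return "$rc"
}
```

The static check only sees literal URLs, while the stubbed run only sees the downloads the script reaches before it needs a real file, so the two complement each other.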

I will close this issue, as it has been inactive for a long time now.
If there is still interest, please feel free to open a new issue.
Thank you!
