As we all know, Scoop buckets are maintained by volunteers. It's great that people put in that effort to help the community. But what if a volunteer's GitHub account gets hacked, because they haven't turned on two-factor authentication for example? The hacker could hide malicious code in a popular Scoop package that way. Or what if someone with bad intentions manages to become a contributor? If I'm not mistaken, there's no code review process and every volunteer can make changes without any form of scrutiny.
Making the contribution process stricter is one way to tackle that, but my feature request focuses on the end user's side. I use a package manager on Arch Linux that lets me install community-maintained packages and it has a feature to review the install script (in Scoop's case: a JSON file) before I continue.
My idea:

    scoop install signal

Would you guys be open to adding this check?
It would be nice to see this as an option (using an environment variable or similar), but I don't think this should be the default. If you force it on people, most of them will always answer "no" when asked to review the manifest, so it's just an annoyance for them (which also makes unattended installations/updates more difficult).
Agreed that it shouldn't be an annoyance for people who don't want this. It also shouldn't break unattended installs. How about a global setting that controls whether this behavior is enabled, with the default being not to show a prompt?
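One way to prototype the opt-in behaviour discussed in this thread, as an added PowerShell example that is not Scoop's own code or anything from the thread: it assumes the standard Scoop directory layout (manifests under `buckets\<bucket>\bucket\<app>.json`) and a hypothetical `SCOOP_REVIEW_MANIFEST` environment variable as the opt-in switch, so the default and unattended runs stay unchanged.

```powershell
# Added illustration, not Scoop's own code. Opt-in manifest review before install.
# Assumes the standard Scoop layout ($env:SCOOP or ~\scoop) and a hypothetical
# SCOOP_REVIEW_MANIFEST=1 environment variable as the opt-in switch.
function Install-ScoopReviewed {
    param(
        [Parameter(Mandatory)][string]$App,   # e.g. 'signal' or 'extras/signal'
        [switch]$Yes                           # skip the prompt for unattended runs
    )
    $root = if ($env:SCOOP) { $env:SCOOP } else { Join-Path $env:USERPROFILE 'scoop' }

    # Default is no prompt; only review when the user opted in and did not pass -Yes.
    $review = ($env:SCOOP_REVIEW_MANIFEST -eq '1') -and -not $Yes

    if ($review) {
        # 'bucket/app' pins one bucket; a bare name searches every installed bucket.
        if ($App -match '^([^/]+)/(.+)$') { $buckets = @($Matches[1]); $name = $Matches[2] }
        else {
            $buckets = Get-ChildItem (Join-Path $root 'buckets') -Directory | ForEach-Object Name
            $name = $App
        }
        $manifest = $buckets |
            ForEach-Object { Join-Path $root "buckets\$_\bucket\$name.json" } |
            Where-Object { Test-Path $_ } | Select-Object -First 1
        if (-not $manifest) { throw "No local manifest for '$name'; refusing to install unreviewed." }

        Write-Host "Manifest: $manifest`n"
        Get-Content $manifest | Write-Host

        # Highlight the fields that fetch files or run code, since that is where
        # a compromised bucket would carry its changes.
        $m = Get-Content $manifest -Raw | ConvertFrom-Json
        foreach ($f in 'url', 'hash', 'architecture', 'installer', 'pre_install', 'post_install') {
            if ($m.PSObject.Properties[$f]) {
                Write-Host "$f : $($m.$f | ConvertTo-Json -Compress -Depth 5)"
            }
        }
        $answer = Read-Host "Install '$name' with this manifest? [y/N]"
        if ($answer -notmatch '^[Yy]') { Write-Host 'Aborted.'; return }
    }
    scoop install $App
}
```

Reviewing the local copy of the manifest is only meaningful if the bucket was updated first (`scoop update`), since that is the file `scoop install` will act on.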