zero-archive icon indicating copy to clipboard operation
zero-archive copied to clipboard
verified publisher icon devsnek

HTTPS imports

Open devsnek opened this issue 7 years ago • 2 comments

devsnek avatar Jun 16 '18 21:06 devsnek

is this wise? should untrusted code be a security consideration? differences in trust between downloading+running vs just running

devsnek avatar Jun 16 '18 21:06 devsnek

Maybe add the ability to include a hash of what you expect the code to contain? At this point why even bother importing from https instead of downloading?

Or a signing cert for the code instead of just trusting the https, requires the code to be setup to be imported like this though.

Probably makes sense to wait for a use case for this.

macdja38 avatar Jul 09 '18 06:07 macdja38