notation icon indicating copy to clipboard operation
notation copied to clipboard

Published 20 hours ago verified publisher icon notaryproject

Don't overwrite files if file exists unless explicitly indicated by user

Open iamsamirzon opened this issue 2 years ago • 2 comments

This issue is created to replace a finding in #93. Refer example here . https://github.com/notaryproject/notation/pull/83#discussion_r705755110

Desired Resolution

Search through all code in Notation, Notation-go, Notation-go-core and before creating a new file, check for its existence before overwriting it. And unless specifically asked by the user don't overwrite it.

iamsamirzon avatar Aug 04 '22 15:08 iamsamirzon

Went through all existing code. Currently, we are not overwriting any files except updating config files.

The original comment was there for docker plugins. However, those plugins have already been removed.

shizhMSFT avatar Aug 25 '22 15:08 shizhMSFT

Reopen the issue as notation sign has an --output option for local signing and may overwrite file. However, I think we don't need user confirmation as per common Unix / Linux experience.

shizhMSFT avatar Aug 25 '22 15:08 shizhMSFT

Closed, and create new issues for different scenarios if needed.

yizha1 avatar Apr 26 '23 08:04 yizha1