Erik Sipsma

> @sipsma one small clarifying question before I address the rest of your message: in your proposed flow, the step "Execute dagger-engine-session with --addr $DAGGER_SESSION_ADDR" comes after checking that $DAGGER_SESSION_ADDR...

We have a pressing need for this and it has been prototyped successfully for the use case of running dockerd in dagger in this draft PR: https://github.com/dagger/dagger/pull/4677 IMO the best...

> What do you mean in this context by "override the runner"? I just mean specify the runner to use. "Override" in this context just meant "use this runner instead...

> You mention the security issue with sending plaintext secrets over tcp Basically if any one has capabilities to sniff localhost traffic (on Linux I think it's `cap_net_admin`, maybe `cap_net_raw`...

> Yeah.. it doesn't feel right to make this part of the spec. Isn't there a way to make that remote URL automatically defined? so that way the engine-session would...

> defining this will become important for the release of the CLI as well. Let's try to converge towards a decision before the end of the week if possible 🙏...

Talked about a bit more this with @aluzzardi, synthesizing that with the plans on 1. replacing the engine-session binary with the CLI as ([described here](https://github.com/dagger/dagger/issues/3830#issuecomment-1317694885)) 2. the various user requests...

> _DAGGER_CLI_BIN > I think we should drop this entirely. It's too much complexity for clients, and not needed. > > * bin:// can be advantageously replaced with $PATH >...

> I think we should remove docker-image://, and anything else that doesn't point to a live endpoint. Probably safer to stick to the same set of supported values as buildkit,...

> Can we drop the bin:// prefix? :) Eg. _EXPERIMENTAL_DAGGER_CLI_BIN=. To me it feels less weird without the open-ended "url with weird schemes" contraption. You need a bin, here is...