Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document security issues re using prebuilt extensions #623

Open
ibotty opened this issue Jan 15, 2024 · 2 comments
Open

Document security issues re using prebuilt extensions #623

ibotty opened this issue Jan 15, 2024 · 2 comments

Comments

@ibotty
Copy link

ibotty commented Jan 15, 2024

Who can upload built extensions, are they signed and by whom?

@ianstanton
Copy link
Member

Hey there! Thanks for opening this. We need to document how users can add extensions to the registry :) Here is an example of the general flow:

Opening a PR like this will build and test the extension in CI, and publish on merge to main.

@ibotty
Copy link
Author

ibotty commented Jan 26, 2024

Thank you for your answer. That does give some context.

Am I right that there is nothing in place regarding reproducable builds yet? It would be great to independently verify the binaries.

What I am after with this bug report is first that it's documented so people know what they are getting into and make it easier to identify things to improve.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants