cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian LeRoux...@brian.io>
Subject Re: Proposal: hooks support for plugins
Date Wed, 05 Mar 2014 20:02:14 GMT
Agree w/ your points Jesse. I'm going to reach out to Maven folks to find
out what they've done wrt to publishing policy.


On Wed, Mar 5, 2014 at 11:54 AM, Jesse <purplecabbage@gmail.com> wrote:

> I am a no to passing arguments, the use-case is really about doing some
> extra tasks for the current environment.
>
> I am also a 'no' to prompting the user for permission, this shortly becomes
> a permission list of which plugins can and can't run scripts, or do we ask
> this every time?
>
> We definitely need to post our policies for plugins. ie.something like
> npmjs.org posts [1]
>
> We may want to not allow auto publishing of any plugin that uses these
> scripts, and have one of us look at it quickly to make sure it is not evil.
>
>
> [1] https://www.npmjs.org/doc/misc/npm-disputes.html ( the exceptions
> section )
>
>
> @purplecabbage
> risingj.com
>
>
> On Wed, Mar 5, 2014 at 11:21 AM, Andrew Grieve <agrieve@chromium.org>
> wrote:
>
> > Not sure passing through command-line arguments is feasible for dependent
> > plugins. Maybe have the scripts get their args from environment
> variables?
> >
> >
> > On Wed, Mar 5, 2014 at 12:59 PM, Jonathan Bond-Caron <
> > jbondc@gdesolutions.com> wrote:
> >
> > > On Wed Mar 5 12:00 PM, Marcel Kinard wrote:
> > > > In that case (i.e., "npm test") the user is explicitly invoking the
> > > > script. If we are
> > > > talking about hooks that run automatically on
> > > > "cordova plugin add", then it is
> > > > implicit. How about if the cli
> > > > prompted the user when a hook request is present
> > > > such as "plugin
> > > > foobar wants to run the script xyz. Do you grant permission for it
> > > > to
> > > > do so?" Perhaps plugman could have an --accept-scripts parm that
> > > > granted
> > > > permission to all such requests to prevent prompting?
> > >
> > > Could run scripts in a 'sandbox' of some sort...
> > > http://nodejs.org/api/vm.html
> > >
> > > Might be a little safer and less chaotic in terms of what scripts can
> > > install, that way uninstall() can cleanly do its job.
> > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message