
Protection of developers from the possibility of malicious code in dependencies #2345

Open
Changaco opened this issue Apr 19, 2024 · 0 comments
Labels:
defense (protecting ourselves, our users and innocent third-parties)
DevX (making it easier to develop and maintain Liberapay)

Comments

@Changaco
Member

Liberapay's README currently states:

It's up to you to isolate your development environment from the rest of your system in order to protect it from possible vulnerabilities in the testing dependencies.

That's unsatisfactory. If venvjail pans out, Liberapay should probably use it by default. In the meantime, there should be at least one documented way to set up a sandbox to contain possible exploits.

Changaco added the "DevX" (making it easier to develop and maintain Liberapay) and "defense" (protecting ourselves, our users and innocent third-parties) labels on Apr 19, 2024