Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement LavaMoat / freeze underlying packages #644

Open
hstove opened this issue Oct 21, 2020 · 5 comments
Open

Implement LavaMoat / freeze underlying packages #644

hstove opened this issue Oct 21, 2020 · 5 comments

Comments

@hstove
Copy link
Contributor

hstove commented Oct 21, 2020

We would like to implement LavaMoat in this repository to prevent supply chain attacks.
@hstove hstove self-assigned this Oct 21, 2020
@psq
Copy link

psq commented Oct 22, 2020

I'm not so sure this should be included in libraries others can use, this should rather be used in the app itself, should the developer chose to do so, not be imposed by dependencies... Unless it would not leak outside the library context, which I'm not sure is possible.

@hstove
Copy link
Contributor Author

hstove commented Oct 22, 2020

Yes, the idea is to have this only in place for the authenticator itself.

@stale
Copy link

stale bot commented May 13, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label May 13, 2021
@stale
Copy link

stale bot commented May 22, 2021

This issue has been automatically closed. Please reopen if needed.

@stale stale bot closed this as completed May 22, 2021
@stale stale bot removed the stale label Jun 30, 2021
@markmhendrickson markmhendrickson changed the title Implement LavaMoat Implement LavaMoat / freeze underlying packages Jun 30, 2021
@markmhendrickson
Copy link
Collaborator

Related discussion from @beguene: #1347

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@psq @markmhendrickson @hstove