Closed nicosommi closed 8 years ago
Thanks for the suggestion, but this would be really bad for security. Anyone with write access to any repo a term3 user is shelling around in could execute arbitrary code.
It wouldn't be too much work for you to implement this feature yourself using the auto run command.
Ok but I don't see the security issue in comparison with regular stuff... you can also clone a repo that executes a insecure script by itself using just npm for example.
Sure, but then its the user's fault for running npm before looking. In the case above, the user just opens a term3 shell and third party scripts are unexpectedly run.
Fair enough, I understand it may be too much work for a secondary feature, but the security issue depends upon the implementation. It can be disabled by default, or using confirm questions, and/or trusted lists, etc.
Well I think the subject tells everything. The Auto Run command setting but for project-specific needs. I was thinking in a file on the root folder of your project like .term3 which we may exclude from git or not, so you can be ready to go with just ctrl + alt + t. An example .atom3 file will be: