Open yarikoptic opened 1 year ago
@yarikoptic I don't like the idea of running arbitrary Python code read from a config file.
A defense case: it is not "arbitrary" as cannot be provided by a possibly malicious "external" user. Here it is a part of the configuration file destined for execution by that user and if user can modify that file, he can as well modify the software directly or do that harm directly. We similarly expose for eval
in datalad foreach-dataset
and so far had no issue with that.
E.g.
to create a section which would collate Pull requests and Issues which have both labels
easy
andcontribution-desired
. It would then be useful to annotate/be able to find work which anyone in the team could pick up "when bored" or just to improve the greenness of their github profiles.as for selection, I wonder if may be it could be generalized a little more exposing internal structure but making it also flexible
where
thing
would be an issue (fromself.active_issues
) or a PR (fromself.open_prs
).WDYT @jwodder ?