jorgebucaran
commented
11 months ago @voidlock Hi, it's been some time. I'm generally fine with this minor change, but I'm just slightly worried it might pose a risk or harm to users. Thoughts?
Open voidlock opened 1 year ago
jorgebucaran
commented
11 months ago @voidlock Hi, it's been some time. I'm generally fine with this minor change, but I'm just slightly worried it might pose a risk or harm to users. Thoughts?
voidlock
commented
10 months ago @jorgebucaran I understand your concern. What if I updated the PR to include a mechanism similar to how Golang handles private modules with the GOPRIVATE environment variable?
Perhaps a FISHER_PRIVATE environment variable that a user can customize.
set FISHER_PRIVATE github.com/your_github_username/mysecret github.com/your_github_username/myothersecretWhen fetching plugins, Fisher would scan the list provided by FISHER_PRIVATE. If it's found, it can update the curl command to include the --netrc flag.
Context
I have a specific use case where a set of fish plugins are made available internally. They are not public Github repositories. The
curlcommand used by fisher will only fetch plugins from public repositories.Proposed Changes
By changing the command to
curl -nit can take advantage of any credentials stored in the~/.netrcfile. This may not be the best flag to have enabled by default, or perhaps goes against the spirit of sharing fish plugins publicly. An alternative could be to move this behind a variable or some other indicator to mark that a plugin is private.