mozilla / cargo-vet

supply-chain security for Rust
Apache License 2.0

Explicit transitively importing audits #535

Open Nemo157 opened 1 year ago

Nemo157 commented 1 year ago

> Note that this mechanism is not transitive — you can't directly import someone else's list of imports. This is an intentional limitation which keeps trust relationships direct and easy to reason about.

I would like to use a central list of trusted imports for multiple projects I work on. Currently that is not possible: if I add/remove a trusted import, I would have to go around to every project repo and update the list of imports. Being able to explicitly transitively import my own list would not violate the intention; the trust relationship is still direct and easy to reason about. I would suggest that this is either restricted to a single layer of transitiveness, or an explicit level (`imports.foo.transitive = 2`). Example sort of config:

```toml
[imports]
foo.url = "https://raw.githubusercontent.com/foo-team/foo/main/supply-chain/imports.toml"
foo.transitive = true
```
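The following is an added example, not code from cargo-vet or from the issue author, sketching how a depth-limited resolver for the proposed `transitive` level could behave. It assumes a hypothetical semantics in which only the importing project's own `transitive` value decides how many hops are followed (a peer's own setting never extends the chain), models `transitive = true` as level 1, and uses a constructed in-memory registry with `example.invalid` URLs in place of fetching files over HTTP.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// One `[imports]` entry in the shape the issue proposes
/// (`foo.url = "..."`, `foo.transitive = N`). Level 0 trusts only that
/// peer's own audits; level 1 also trusts the peers *they* import; and so on.
/// `transitive = true` is treated as level 1. (Hypothetical semantics.)
#[derive(Clone, Debug)]
pub struct ImportEntry {
    pub url: String,
    pub transitive: u32,
}

/// A peer's published import list, keyed by the URL it would be fetched from.
/// The real tool would fetch this; here it is a constructed in-memory registry.
pub type Registry = BTreeMap<String, BTreeMap<String, ImportEntry>>;

/// Resolve the set of audit-source URLs the root project ends up trusting.
/// Each hop spends one unit of the *root's* budget for that import chain, so a
/// peer cannot unilaterally extend trust further than the importer allowed.
/// Re-visits with an equal or smaller budget are skipped, which also breaks cycles.
pub fn resolve_trusted(
    root: &BTreeMap<String, ImportEntry>,
    registry: &Registry,
) -> BTreeSet<String> {
    let mut trusted = BTreeSet::new();
    let mut best_budget: BTreeMap<String, u32> = BTreeMap::new();
    let mut stack: Vec<(String, u32)> = root
        .values()
        .map(|e| (e.url.clone(), e.transitive))
        .collect();

    while let Some((url, budget)) = stack.pop() {
        if let Some(&seen) = best_budget.get(&url) {
            if seen >= budget {
                continue; // already walked this peer with at least this much budget
            }
        }
        best_budget.insert(url.clone(), budget);
        trusted.insert(url.clone());
        if budget == 0 {
            continue; // level exhausted: trust this peer's audits, not its imports
        }
        if let Some(peer_imports) = registry.get(&url) {
            for e in peer_imports.values() {
                // The peer's own `transitive` value is deliberately ignored here;
                // only the importer's remaining budget decides whether to go deeper.
                stack.push((e.url.clone(), budget - 1));
            }
        }
    }
    trusted
}

/// Constructed sample: a root that imports a shared "central" list at the given
/// level plus one direct peer. "central" imports alpha and beta; beta imports
/// gamma and points back at central (a cycle).
pub fn sample_config(central_level: u32) -> (BTreeMap<String, ImportEntry>, Registry) {
    let entry = |url: &str, transitive: u32| ImportEntry { url: url.to_string(), transitive };
    let central = "https://example.invalid/central/imports.toml";
    let direct = "https://example.invalid/direct/audits.toml";
    let alpha = "https://example.invalid/alpha/audits.toml";
    let beta = "https://example.invalid/beta/audits.toml";
    let gamma = "https://example.invalid/gamma/audits.toml";

    let mut root = BTreeMap::new();
    root.insert("central".to_string(), entry(central, central_level));
    root.insert("direct".to_string(), entry(direct, 0));

    let mut registry: Registry = BTreeMap::new();
    let mut central_imports = BTreeMap::new();
    central_imports.insert("alpha".to_string(), entry(alpha, 0));
    // beta asks for a deep level itself; the resolver must not honour that.
    central_imports.insert("beta".to_string(), entry(beta, 5));
    registry.insert(central.to_string(), central_imports);

    let mut beta_imports = BTreeMap::new();
    beta_imports.insert("gamma".to_string(), entry(gamma, 0));
    beta_imports.insert("central".to_string(), entry(central, 0));
    registry.insert(beta.to_string(), beta_imports);

    (root, registry)
}

fn main() {
    for level in 0..=3 {
        let (root, registry) = sample_config(level);
        let trusted = resolve_trusted(&root, &registry);
        println!("central.transitive = {level}: {} trusted sources", trusted.len());
        for url in &trusted {
            println!("  {url}");
        }
    }
}
```

With level 0 only `central` and `direct` are trusted; level 1 (the `true` case from the proposed config) adds alpha and beta but not gamma; level 3 reaches gamma and terminates despite the beta-to-central cycle.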