slack-samples / deno-starter-template

A template for building Slack apps with Deno
MIT License

No instructions to install slack CLI tool via a Deno sandboxed command #46

Closed mbbx6spp closed 1 year ago

mbbx6spp commented 1 year ago

This repository appears to depend on us installing Slack CLI. I do not see how to install Slack's official CLI without running a mystery meat shell script from a random URL. Can someone document how to install the script, even as a global script, via a sandboxed Deno command? Where is the Slack CLI code hosted? I could even write the docs if you gave me the URL.

I am not at liberty to install Slack's CLI tool via a curl | sh command. I assume this would not be ok with many enterprise users that need to write Slack automation. Can you please advise? Thanks.

Maybe I missed the docs for a proper sandboxed installation?

zimeg commented 1 year ago

👋 Hi @mbbx6spp! Instructions for installing the Slack CLI binary without the curl | sh command can be found under the "Manual installation" tab on this page. With this, you can choose to make this a global command or treat it as a local script.

I'm not sure if this is alright in place of a sandboxed Deno command, so please let me know if there was another approach you were hoping for or if you have any other questions!

mbbx6spp commented 1 year ago

Thanks, it looks like it is just a binary. So to find out what the Slack CLI accesses on my machine when I run it without source available or a sandboxed runner, I will just have to chroot and strace or something to ensure access is reasonable for my needs. I thought moving to Deno meant an interest in security transparency. :)
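
Added example, not part of the thread or of any Slack tooling: one way to turn the strace idea in the comment above into a reviewable report, by summarizing a log written with `strace -f -o trace.log -e trace=openat,connect,execve`. The binary name `./tool`, the paths, the address and the allowlist are constructed assumptions.

```python
import re

# Constructed sample in the layout `strace -f -o FILE` writes ("PID syscall(...) = ret").
# Every path, PID and address below is invented for illustration.
SAMPLE_TRACE = '''\
1201 execve("./tool", ["./tool", "version"], 0x7ffd1c2a9e10 /* 24 vars */) = 0
1201 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1201 openat(AT_FDCWD, "/home/dev/.config/tool/config.json", O_RDONLY) = 4
1201 openat(AT_FDCWD, "/home/dev/.gitconfig", O_RDONLY) = -1 ENOENT (No such file or directory)
1201 openat(AT_FDCWD, "/home/dev/.config/tool/cli.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 5
1202 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
'''

# Hypothetical policy: directories the reviewer expects the binary to touch.
# Trailing slashes stop "/x/tool/" from also matching "/x/tool-other/".
ALLOWED = ("/etc/", "/usr/", "/lib/", "/home/dev/.config/tool/")

OPEN_RE = re.compile(r'^\d+\s+openat\(\w+, "([^"]+)", ([A-Z_|]+)[^)]*\)\s+=\s+-?\d+')
CONNECT_RE = re.compile(
    r'^\d+\s+connect\(\d+, \{sa_family=AF_INET, '
    r'sin_port=htons\((\d+)\), sin_addr=inet_addr\("([^"]+)"\)')
WRITE_FLAGS = re.compile(r'O_(WRONLY|RDWR|CREAT)')


def summarize(trace, allowed_prefixes):
    """Group attempted file opens and IPv4 connects; flag paths outside policy."""
    report = {"reads": set(), "writes": set(), "connects": set(), "unexpected": set()}
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            path, flags = m.groups()
            kind = "writes" if WRITE_FLAGS.search(flags) else "reads"
            # Failed opens are kept too: an attempt still shows what was probed.
            report[kind].add(path)
            if not path.startswith(tuple(allowed_prefixes)):
                report["unexpected"].add(path)
            continue
        m = CONNECT_RE.match(line)
        if m:
            port, addr = m.groups()
            report["connects"].add((addr, int(port)))
        # Other lines (execve, "<unfinished ...>" fragments) are skipped here.
    return report


if __name__ == "__main__":
    for section, items in summarize(SAMPLE_TRACE, ALLOWED).items():
        print(section, sorted(items))
```

A trace only covers the code paths exercised during that run, so each subcommand needs its own capture.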

mbbx6spp commented 1 year ago

Is there a reason you require the Slack CLI so much for just cloning a repo? Is there anything worth using Slack CLI for that I can't replicate with open source tools? Thanks. I will close the issue but it would be great to understand because my employer generally does not allow developers to run closed source tools on our corporate machines unless it is licensed software. My employer only has a SaaS relationship with Slack at work.

zimeg commented 1 year ago

Regarding the worry around security and access, thank you for raising this and I totally understand this concern! FWIW Deno offers a secure runtime that Slack uses for hosting apps while the Slack CLI is a tool used for building those apps, but I agree that we can do more around transparency.

Beyond cloning repos, the Slack CLI offers tooling for developing, deploying, and managing apps. As this is being developed closely with features of the Slack platform, I'm not aware of any open source alternatives for this tooling at this time. I'll share the restriction on using closed source tools with the team with hopes that we can soon change this. It'd be unfortunate if this is a blocker, but perhaps the Bolt SDKs can offer an open sourced alternative if it is?

I appreciate your understanding with all of this, and again, feel free to follow up with any other questions!