sloria
commented
5 years ago konch is only meant to be used on single-user development environments.
Closed hartwork closed 5 years ago
sloria
commented
5 years ago konch is only meant to be used on single-user development environments.
hartwork
commented
5 years ago Is that true? Is it documented? Will it match reality?
If you want to keep it non-declarative, maybe adding something like konch whitelist . to add a folder to a whitelist and only run ~/.konchrc from whitelisted folders would help. konch could still check for presence, inform the user, warn of risks, and tell the user, that a whitelist entry is needed.
sloria
commented
5 years ago I like the konch whitelist . (or maybe konch allow ., like in direnv) idea.
Would you be up for sending a PR?
hartwork
commented
5 years ago Sorry, no time.
sloria
commented
5 years ago No problem. I've renamed this issue and left it up for grabs.
sloria
commented
5 years ago I have a working proof of concept of this feature. I'll try to get it merged and released over the next few days.
sloria
commented
5 years ago This feature is released in 3.0.0.
Hi!
I wonder if konch is supposed to be run from (sub?)folders containing
.konchrcfiles only (a bit like.gitwith Git) or from any system folder. I wonder if you considered user tricking other users into running konch with a malicious.konchrcfile — on multi-user systems or through multi-file sources like Git clonse or extracted archives —, something that maybe would not be an issue, if.konchrcwas declarative rather than Python code. What do you think?Best, Sebastian