Open aalvarado opened 5 years ago
What would be the purpose of archiving the repo? What would this achieve? I'm the author of #85 and while I do think it's a security vulnerability, it's nothing that's not fixable.
Do you want to archive because the repo hasn't had any contribution activity? Are you proposing that other forks should be used instead? I'm genuinely curious since your issue was a little vague in the reasoning.
> Do you want to archive because the repo hasn't had any contribution activity?

Yes

> Are you proposing that other forks should be used instead?

Yes
Last merge was May of last year. I don't think it works with the latest Slack version and doesn't seem like anyone else can merge to the master branch either.
Perhaps have the README updated with a link to an active repo (https://github.com/Nockiro/slack-black-theme)? To avoid confusion for people reaching here from this repo's high Google ranking.
I've been using this for about a month now and did not know about the vulnerability. The link listed by @steveharman looks to be a fork and does not have issue tracking.
The vulnerability is still even in that fork, correct? Because it looks like they are still injecting the CSS.
If this is not being maintained and has a vulnerability, it should probably be deprecated in some way.
We might want to archive the repo.
The install method in the readme is potentially dangerous as explained here: https://github.com/widget-/slack-black-theme/issues/85
And someone is saying that they're maintaining a fork here: https://github.com/Nockiro/slack-black-theme
@widget- please