-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document security issues re using prebuilt extensions #623
Comments
Hey there! Thanks for opening this. We need to document how users can add extensions to the registry :) Here is an example of the general flow: Opening a PR like this will build and test the extension in CI, and publish on merge to |
Thank you for your answer. That does give some context. Am I right that there is nothing in place regarding reproducable builds yet? It would be great to independently verify the binaries. What I am after with this bug report is first that it's documented so people know what they are getting into and make it easier to identify things to improve. |
Who can upload built extensions, are they signed and by whom?
The text was updated successfully, but these errors were encountered: