Ban symlinks #189
Comments
This forbids the usage of any symlinks. That seems over opinionated imo. I'm working on a plugin system for formatting-stack, this would make a good candidate for a plugin. It could be implemented as either a linter or a filter and be configured by the consumer. This would require my work to be in before we can ship this though. Once the details become more clear I'll share the work in this area. |
👀 maybe we can ban them if Personally I don't recall a practical use for symlinks in git. When mixed with github/CI things get dangerous. Security aside, surfacing non-local uses of symlinks seems a good thing to do. Just like clj-kondo/Eastwood show things that while might work, aren't really recommended.
Regardless of implementation it seems good to default to security. Especially if we implement PR suggestions (already on the radar); that scenario would get more similar to GHSA-g86g-chm8-7r2p |
|
I gave this a bit more thought; the initial wording threw me off. The linter would simply report on symlinks. Users are still free to ignore the report. Keeping that in mind; i'd prefer a linter over filtering the files. We could ship that before the refactor 👍 |
Context
These show how symlinks in linters can go wrong:
Proposal
Do one of these two (likely they aren't compatible):
strategyAcceptance criteria
lein checkouts keep working
Additional resources
git config --global core.symlinks falsemight be a good thing to perform in CI prior to thecheckoutstep.The text was updated successfully, but these errors were encountered: