Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite the warnings in webapp/README #151

Open
WULCAN opened this issue Jan 19, 2025 · 0 comments
Open

Rewrite the warnings in webapp/README #151

WULCAN opened this issue Jan 19, 2025 · 0 comments

Comments

@WULCAN
Copy link
Collaborator

WULCAN commented Jan 19, 2025

Description

The warnings in webapp/README.md about trusting target repositories are not clear enough.

lyra/webapp/README.md

Lines 12 to 17 in b92fe73

> [!WARNING]
> A party who controls a source code repository branch
> which Lyra is set up to translate will also have
> a lot of control over the Lyra process. That control
> probably includes reading files from the operating system
> and possibly includes arbitrary code exection.

lyra/webapp/README.md

Lines 22 to 26 in b92fe73

> [!WARNING]
> A party who controls the contents of
> a local repository directory will also have
> a lot of control over the Lyra process, probably
> including arbitrary code execution.

These are some of the first things a developer will read about Lyra so its important they are not confusing.

Relevant Job Stories

Estimated size (S, M, L)

I think this issue is small because the problem is very local to the README.

Prerequisites

Understand the risks.

Open questions

The warnings could perhaps be moved to somewhere else, where they don't need to be as well written, but they still need to be improved.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@WULCAN