Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove insecure pe_installer_source parameter #524

Closed
wants to merge 4 commits into from
Closed

Remove insecure pe_installer_source parameter #524

wants to merge 4 commits into from

Conversation

bastelfreak
Copy link
Collaborator

@bastelfreak bastelfreak commented Nov 4, 2024
edited by ragingra
Loading

Summary

As discussed in an earlier meeting, #465 was closed because the security team demands that peadm doesn't support downloading from provided URLs and the pe_installer_source parameter has to go away.

Additional Context

Add any additional context about the problem here.

Related Issues (if any)

Mention any related issues or pull requests.

Checklist

  • 🟢 Spec tests.
  • 🟢 Acceptance tests.

Changes include test coverage?

  • Yes
  • Not needed

Have you updated the documentation?

  • Yes, I've updated the appropriate docs
  • Not needed

@bastelfreak bastelfreak marked this pull request as ready for review November 4, 2024 21:55
@bastelfreak bastelfreak requested review from a team as code owners November 4, 2024 21:55
ragingra
ragingra reviewed Dec 4, 2024
View reviewed changes
@bastelfreak
Copy link
Collaborator Author

Before merging #524, could you please merge and release #523 & #459 ?

@bastelfreak
Copy link
Collaborator Author

@ragingra any chance this can finally be reviewed and merged?

@GSPatton
Copy link

Hi @bastelfreak. After reviewing this PR with the team, we have concluded that this is not something we would be willing to merge as this will induce breaking changes. As always, we appreciate your contribution and valued input.

Thanks,
Gavin

@GSPatton GSPatton closed this Feb 25, 2025
@bastelfreak
Copy link
Collaborator Author

Sorry, but are you joking?
Both of us and your security team had a meeting. The security team declined #465 because it was insecure from their point of view. They demanded that the pe_installer_source parameter gets removed. And now, after months, you finally respond but just close it? Did the security team change their mind? Does that mean #465 will now be merged?

As always, we appreciate your contribution and valued input.

Sorry, but it doesn't feel like that.

@bastelfreak bastelfreak mentioned this pull request Feb 25, 2025
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ragingra ragingra ragingra approved these changes

Assignees
No one assigned
Labels
backwards-incompatible
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bastelfreak @GSPatton @ragingra