-
Notifications
You must be signed in to change notification settings - Fork 162
Fetch plugins from NuGet #348
Comments
Nice idea, that is an old dream of me 😄 But that could be dangerous, we allow anyone to download virtually any files packaged on nuget with the right tag. We need at least to display a warning. We also need to think about a (simple) dependency system, for plugins needing ScriptCs (dotnet script in a near future). |
Always wanted to build something like this 😁
Package signing could be the solution to this. But on the other hand: we do that all the time.
If we just follow the dependencies of the nuget packages, plugin authors could just define their dependencies in their package. |
That can check integrity and identity but we should signal that we haven't validate/check these plugins and cannot guaranty that they are safe.
I haven't thought of that, that could do it but since it is runtime dependency I think we will have to treat it specifically. |
We can check how the cake guys treat this problem.
We could advise plugin authors to use Fody.ILMerge instead of fetching dependencies or the new AssemblyLoadContext in netcore3.0 (I'm not sure about net4 support on this). |
But I think we should not overcomplicate, throw in a prototype, check integrity and see if plugin author's will jump on :) |
I agree that we should not overcomplicate this, I just want to display a warning on console, nothing more :) For runtime dependency on dotnet script I was thinking of doing that in a second part or integrate it directly in Pretzel. |
It would be awesome if we can install pretzel plugins directly from nuget.
Proposed solution:
pretzel.conf
or probably use_config.yml
pretzel.conf
_plugins
folderpretzel.conf
and delete from_plugins
folderrelated #226
The text was updated successfully, but these errors were encountered: