Do not print PowerShell install/update scripts by default #182
We'll want to split the non-moderated piece, it will be until we have package signing before we can add that.
Removed the part that said "Flag non-moderated scripts (a warning saying the user should print)"
I have a first implementation ready to go. Here's what the output looks like:
Here's what's new:
If everything is good, I will issue the PR (click here to see the code changes). You'll notice that again there are no new tests, since it only changes the output and console prompt, and I could not find tests that verified that (related to that discussion... since most of my PRs for now are related to console output, I only verify that all tests are green and test manually in a console).
Like it.
* 182-no-ps1-print: (GH-182) Ask before printing ps1 scripts
Merged into stable at ccd3c65 and will be released in 0.9.9.5
* stable: (22 commits)
  (GH-121) Making Uninstall-ChocolateyZipPackage more robust when deleting files that were copied during installation of the Zip package
  (doc) update changelog/nuspec
  (GH-238) ApiKey source matching intuitive
  (maint) formatting
  (GH-240) Set CredentialProvider for NuGet
  (GH-240) ChocolateyNugetCredentialProvider
  (GH-240) Add default sources to machine sources
  (maint) Only warn subcommand list if not empty
  (GH-171) Use RedirectedHttpClient
  (GH-240) pass credentials at runtime
  (GH-240)(config) Add machine sources
  (doc) how to quote values
  (GH-230) Export all functions and aliases imported
  (GH-230) Fix Issues with Generate/Remove BinFile
  (GH-185) Remove console prompt default choices
  (GH-186) Uninstall - no prompt for one version
  (GH-182) Ask before printing ps1 scripts
  (GH-187) Show log file path in messages.
  (maint) formatting
  (GH-169) Do not resolve disabled sources
  ...
Conflicts:
  src/chocolatey/infrastructure.app/commands/ChocolateySourceCommand.cs
  src/chocolatey/infrastructure.app/runners/GenericRunner.cs
This change seems misguided to me, reducing the script confirmations to something just shy of security theater. With this change, the interface now suggests that the normal behavior is to make a decision without looking at the script, which makes the default behavior of asking for those confirmations in the first place seem silly. You're preserving almost all the pain of the confirmations (which is the flow-stopping prompt itself, not the messy output) while greatly reducing their main benefit (letting people know exactly what's being run and, more importantly, putting as many eyeballs as possible on each install script, making it far more likely that the community will catch any malicious or buggy scripts that slip through moderation). To put it another way, in my mind, this is what the new flow basically amounts to:
Meanwhile, the old way at least made a bit of sense:
@ivanatpr I agree and disagree. Right now some of these are a wall of text (which makes some folks' eyes gloss over). What I think we will move towards is an even better way to inspect package contents (as in open package folder and let me see it), so that a user can make a decision on whether they want to run the scripts or not.
@ivanatpr My thoughts, since I participated in this:
I personally think your point is still valid, and I do like @ferventcoder's idea of allowing the user to open and inspect the install script, the installer file and anything else it downloads on your machine. There could be other improvements, but I guess the whole point of chocolatey is to make it easy and straightforward to install software on your machine... I'd be curious to know how other package managers deal with that issue.
When running chocolatey without the -y flag, the script that will be run is printed by default. I suggest not doing that. I believe that most users will skip them or trust them, regardless of whether they are printed or not. Also, it creates a very long output that is harder to read. Finally, the user is still running a script that is intended to run another executable and modify the system.
Here are some options I believe would allow more advanced users to still take advantage of this feature:
Yes/No/Skip/Print)
For more information: https://groups.google.com/forum/#!topic/chocolatey/UVncL7PxXRg
(Moved from chocolatey-archive/chocolatey#690)
Note: Similar to #178 but rather than suggesting confirmation is not needed, I'm here suggesting that we don't print by default; #53 (Yes to all) and the global settings are sufficient IMHO.