Comment by DemocracyFTW2
2 months ago
is that permission tied to a specific version with a specific fingerprint/hash? because if it's not then you could still get a surprise come the next update...
2 months ago
is that permission tied to a specific version with a specific fingerprint/hash? because if it's not then you could still get a surprise come the next update...
It is by package name, but at least you won't be surprised when left-pad suddenly has an install script.
You can put a fingerprint on the package dependency itself, though, so if you add a fingerprint to anything you approve the install script for, you will get that level of safety.