This is a proposal for a substantial project. I want to gauge community support before undertaking work on it.
I want gemstash to be able to satisfy the resilience and security needs of an organization strongly. Specifically, I wish for the following features, which gemstash appears to currently lack.
- The ability to operate off a whitelist--serve only accepted versions of accepted gems. (Allowlist only certain gems to cache, #320)
  - This is not a small piece of work. Generally, we want to fetch everything and log new version availability for review. We need a monitor mode so that devs can pull in new gems & gem versions & trigger a review. We need permissions to update the whitelist.
- Log (WARN) if a cached version of a gem is yanked. (what is the expected behavior when the gem was yanked from rubygems?, #291)
  - Server to be configurable as to whether or not cached gems continue to be served. Erroring out is an option.
  - Configuration to be global with individual version overrides.
- Log (WARN) if an upstream gem changes without a version update.
  - Both versions kept, but response is configurable.
Implicitly, these changes likely require addressing at least #408 and/or #409, #154, and #67.
The ability to remap gem versions might also be useful.
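
A sketch of the decision logic the three requested features imply, as an added example rather than code from the issue or from gemstash. `GemPolicy`, its options, the `:serve`/`:deny`/`:error` actions, and the sample gem name are all hypothetical, and storing both copies of a changed gem is not shown.

```ruby
require "digest"

# Hypothetical policy layer (all names are assumptions; gemstash has no such class).
class GemPolicy
  Decision = Struct.new(:action, :reason)

  # allowlist: { "gem name" => ["accepted version", ...] }
  # defaults:  global response per event, e.g. { yanked: :serve, changed: :error }
  # overrides: { ["gem name", "version"] => { yanked: :error } }
  def initialize(allowlist:, defaults:, overrides: {}, log: ->(lvl, msg) { warn "#{lvl} #{msg}" })
    @allowlist, @defaults, @overrides, @log = allowlist, defaults, overrides, log
  end

  # cached_sha/upstream_sha: SHA-256 hex digests of the .gem file, nil when absent.
  def evaluate(name, version, cached_sha:, upstream_sha:, yanked: false)
    id = "#{name}-#{version}"
    unless @allowlist.fetch(name, []).include?(version)
      @log.call(:INFO, "#{id} is not on the allowlist; queued for review")
      return Decision.new(:deny, :not_allowlisted)
    end
    if cached_sha && yanked
      @log.call(:WARN, "#{id} is cached but has been yanked upstream")
      return Decision.new(response_for(name, version, :yanked), :yanked)
    end
    if cached_sha && upstream_sha && cached_sha != upstream_sha
      @log.call(:WARN, "#{id} changed upstream without a version update")
      return Decision.new(response_for(name, version, :changed), :changed)
    end
    Decision.new(:serve, :ok)
  end

  private

  # Per-version override wins; otherwise fall back to the global setting.
  def response_for(name, version, event)
    @overrides.fetch([name, version], {}).fetch(event, @defaults.fetch(event))
  end
end

# Constructed sample data, not real gem contents.
ORIGINAL    = Digest::SHA256.hexdigest("constructed gem bytes")
REPUBLISHED = Digest::SHA256.hexdigest("constructed gem bytes, altered")
LOG = []
POLICY = GemPolicy.new(
  allowlist: { "examplegem" => ["1.0.0", "1.1.0"] },
  defaults:  { yanked: :serve, changed: :error },
  overrides: { ["examplegem", "1.1.0"] => { yanked: :error } },
  log: ->(lvl, msg) { LOG << [lvl, msg] }
)
```
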