Add "-AuthCheck" to some "choco source" commands #947
Milestone
Comments
|
Looks interesting - let me be sure I understand correctly. You want this to perform the check against the source to validate the credentials are good? |
|
Yes that is the intent. A big reason is that encoding credentials in a source for automation allows secure credential storage (and stops them from being caught in various logs again and again when used on each choco command), but then every package request after that is dependent on those creds being correct. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Both in automation and interactive use it would be handy if choco source would fail if authentication fails.
It would also be necessary to support not authenticating in the case that a source is being added in automation when the machine is in a state where it cannot reach the source - but will be able to reach the source when it actually needs to be used.
I know that figuring out how to do auth checks in a universal way could be challenging - but right now I have to code an actual transaction to the source check it.
Some thoughts on possible implementation:
Support:
choco source add [-AuthCheck [no|read|download|push]] #(default =either "no" or "read")
choco source list [-AuthCheck [no|read|download|push]] #(default = "no" so that source lists are quick like now, works for individual sources or all sources depending on whether a specific source is specified)
Possible New Config:
authCheckSourcesDuringAdd = [no|read|download|push]
The text was updated successfully, but these errors were encountered: