-
Notifications
You must be signed in to change notification settings - Fork 225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to treat PUB_HOSTED_URL as a replacement of pub.dev #2993
Comments
You can try this way |
I think this a bad idea from a security perspective. Maybe one day, we'll have package signing and protection from replay attacks, etc... then we can contemplate implementing support for actual mirrors. But all of this is non-trivial, I've been looking at things like https://theupdateframework.io/ A workaround might be to do a pre-commit hook that rewrites It's also possible we should consider dropping the URL in |
In addition to that, the CI pileline might rewrite the URLs with Git hooks would be fragile since we can not reject invalid commits on GitHub in the case the hooks fail to run or some new member/new machine forget to set that up (why isn't there some way to automatically configure that in 2022?). We also need something that works reliably across Windows/macOS/Linux. Currently we are ignoring |
Having to use a mirror without some signing/verification in place is already unsafe, but let's face the reality that |
The majority of our team work in China, so we need
PUB_HOSTED_URL=https://pub.flutter-io.cn
otherwisepub get
can take forever. Some even have different mirror configuration. However, some of our members and our CI service are not located in China, they sometimes can not even connect to the mirror.The problem is, this URL ends up being written in
pubspec.lock
and is updated every time a different member works on the project, quickly becoming noisy. Currently we are ignoringpubspec.lock
from our repository, but it is far from ideal. Is there any way around this?The text was updated successfully, but these errors were encountered: