-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
discussion - CLI usability #80
Comments
Whitelisting may be the common case but making it the default would be a surprise to many people and I would rather users/admins be explicit about their intention than accidentally whitelisting something they intend to blacklist. Would allowing the command to operate on multiple paths be OK? E.g:
I'm sure we can manage that.
It does, e.g:
Would add a rule for AgileBits' developer cert. |
Ah, I swore I got a message saying e.g. |
I'm going to close this out for now, and consider escaped text a 'nice to have' feature request that may be supplemented by more tooling or user-friendliness to reduce the dependence on CLI interaction in the future. |
I'm hoping to make this easier to trial without a sync server, which I know is already asking for a bit much, but on behalf of lazy selfish admins I thought I'd ask:
Along with #78, could we look at ways of making adding whitelist rules at the CLI easier? I'd think the common-case for using santactl at all is to whitelist, and
--path
seems to would be easiest to copy-paste into terminal from the block dialog (would also be nice if the dialog went to the pasteboard escaped... I'm asking too much, aren't I.) Could we make the rule subcommand not require --whitelist or --path? Path also doesn't currently try to extract leaf certs for building the rule (if present), could that functionality be enabled?The text was updated successfully, but these errors were encountered: