There's a catch-22 here. Enterprises that require encryption at rest likely won't tolerate enabling a package manager that lets you download executable code from the internet during runtime, especially when that package manager is both home-grown, and largely unused and neglected.
So we need to evolve the package manager such that it supports a purely offline mode where all fetching and verifying of packages happen in a CLI tool at deploy-time, and you can start Solr in an air-gapped environment without any external internet access or code download. Sandbox sounds like a good start. Perhaps with an alpha-release for easy testing by users? Jan > 15. mar. 2023 kl. 20:07 skrev Ishan Chattopadhyaya > <ichattopadhy...@gmail.com>: > > I would love to see such a support be available to users by way of the > package manager, irrespective of whether it is a first or third party > package. > > On Thu, 16 Mar, 2023, 12:33 am David Smiley, <dsmi...@apache.org> wrote: > >> On Wed, Mar 15, 2023 at 5:23 AM Ishan Chattopadhyaya < >> ichattopadhy...@gmail.com> wrote: >> >>> Does it need to be a first party project? >>> >> >> If there is a maintainer then, I think yes. When there isn't, then it's a >> difficult question. >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org For additional commands, e-mail: dev-h...@solr.apache.org
