Hacker News new | past | comments | ask | show | jobs | submit login

Technically yes, but I can’t think of the last time I cloned a repo without then running code from it...



Well, I clone repos to inspect code all the time, and when I run code, it’s usually not with the same permissions as the corresponding `git clone`. Maybe I should be better about sandboxing Git…


Depends on how you define "running code".

  1. Download container description (Dockerfile)
  2. Upon image build it "compiles things" (e.g. processes/assembles javascript)
  3. Build fails, because it pulls architecture incompatible library (or does not pull architecture mandated library)
  4. Fix build scripts, rebuild container image
  5. Verify container
  6. Pull repo
  7. Reproduce changes, commit
  8. Push
Nothing apart clone-edit-push happens on the repo. The code can be executed on a remote, hardened, isolated system. With proliferation of containers I guess this scenario will become more and more common among ops people.


Any html/js web frontend project that runs in a browser?


Sure I'll just `npm install`.... damnit! Hacked again.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: