diff options
| author |  Johannes Christ <[email protected]> | 2024-07-27 18:51:59 +0200 |
|---|---|---|
| committer | Johannes Christ <[email protected]> | 2024-07-27 18:51:59 +0200 |
| commit | 0d8e16eee4e09785043eabb5050e0832af07a30b (patch) | |
| tree | 872e319a5155c5b55cbb5efa4f2c92cc3e730421 /README.md | |
Initial commit
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..c380b8c --- /dev/null +++ b/README.md @@ -0,0 +1,24 @@ +# poetry-restrict-plugin + +This Poetry plugin aims to restrict Poetry's allowed accesses to what it needs +to fulfill its function, the goal is to apply [principle of least +privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) to our +development tooling. + + +## Motivation + +What's the worst thing that could happen if you install a malicious Python +dependency on your computer? Which information could it gather from your files, +and how could it make itself a permanent home on your computer? + + +## Installation + +At time of writing, `poetry-restrict-plugin` is only supported on Linux with +[the Landlock LSM](https://docs.kernel.org/userspace-api/landlock.html) enabled. + + + + +<!-- vim: set textwidth=80 sw=2= ts=2: --> |