From 442d1557b879a8a4bd76f441f72a17bfb71cf05f Mon Sep 17 00:00:00 2001 From: Eduardo Julian Date: Sat, 17 Jul 2021 22:48:54 -0400 Subject: Now allowing compilers to generate custom-named outputs. --- stdlib/source/program/aedifex/dependency/resolution.lux | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'stdlib/source/program/aedifex/dependency') diff --git a/stdlib/source/program/aedifex/dependency/resolution.lux b/stdlib/source/program/aedifex/dependency/resolution.lux index 15a32959b..1e0c522b9 100644 --- a/stdlib/source/program/aedifex/dependency/resolution.lux +++ b/stdlib/source/program/aedifex/dependency/resolution.lux @@ -234,12 +234,14 @@ ///package.dependencies (try\map set.to_list) (try.default (list))) - sub_repositories (|> package - ///package.repositories - (try\map set.to_list) - (try.default (list)) - (list\map new_repository) - (list\compose repositories))] + ## For security reasons, it's not a good idea to allow dependencies to introduce repositories. + ## package_repositories (|> package + ## ///package.repositories + ## (try\map set.to_list) + ## (try.default (list)) + ## (list\map new_repository)) + ## sub_repositories (list\compose repositories package_repositories) + sub_repositories repositories] [successes failures resolution] (recur sub_repositories (#.Cons head successes) failures -- cgit v1.2.3