23 Dec
2008
23 Dec
'08
12:53 p.m.
Hi,
Maybe I'm a bit paranoid, but I just tried out the new GetBundles and GitHub integration. I like the idea (that it dynamically finds GitHub projects).
I'm just worried about the security implications. Does TextMate sandbox bundles? I mean, technically speaking, GetBundles lets you download unknown bundles which can execute arbitrary code on my machine.
I'm also inspired by the GitHub/TextMate solution and would like to use a similar interface for downloading script modules in my app. I'm just hoping there's a good way to secure them.
Thanks so much! -Geoff