hexa-Feb 15, 2025

If you're using #devenv for your projects, please note that the new `generate` command in 1.4.0 uses your repository content.

It tars up all files it can find through `git ls-files -z`鲁 and exfiltrates them to the service.

It handles `DO_NOT_TRACK=`鹿 by sending that intent along虏 as a query string, so now you need to trust the service to not keep data.

馃У 1/n

[1] https://github.com/cachix/devenv/blob/6c987a8795eedea872afe4d1c1ac518d0c7f6db1/devenv/src/cli.rs#L202-L204
[2] https://github.com/cachix/devenv/blob/6c987a8795eedea872afe4d1c1ac518d0c7f6db1/devenv/src/devenv.rs#L212-L214
[3] https://github.com/cachix/devenv/blob/6c987a8795eedea872afe4d1c1ac518d0c7f6db1/devenv/src/devenv.rs#L226-L257

devenv/devenv/src/cli.rs at 6c987a8795eedea872afe4d1c1ac518d0c7f6db1 路 cachix/devenv

Fast, Declarative, Reproducible, and Composable Developer Environments - cachix/devenv

GitHub
Show threadChristmas Tree

@hexa looks like it was reverted?

https://github.com/cachix/devenv/issues/1733#issuecomment-2661242939

Urgent Request: Add a safeguard for `devenv generate` to avoid package ban-list in corporate environments. 路 Issue #1733 路 cachix/devenv

The majority of software companies have very strict regulations on AI, specifically banning any application that could potentially send any information about their code anywhere external. I'm reque...

GitHub
Feb 16, 2025 at 12:43pmIvory for iOS