You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Endo does not currently tolerate fields in compartment-map.json that it does not recognize. This rightly prevents us from adding fields to generated bundles that would cause a new importer to behave differently than an old importer. However, this wrongly prevents us from adding fields that are informative and do not impact execution, like a source hash for each module (we already capture the post-transform hash) #1882
Description of the Design
We will alter the compartment mapper to discard all fields that have an underscore (_) prefix, such that they are not seen by the schema validator and invisible to the runtime, so cannot affect execution behavior.
Security Considerations
New fields are invisible to runtime so any pair of import machinery will be assured to behave the same way. The new fields might be used as a SPAM vector, but not a very attractive one. We discarded the idea of allowing arbitrary metadata files in parallel to compartment-map.json since they would be a more attractive SPAM vector.
Scaling Considerations
May allow accumulation of cruft in bundles.
Test Plan
Will verify equivalence and acceptance of bundles with and without vestigial properties.
Compatibility Considerations
Old and new importers should accept old bundles. The creation of vestigial properties with bundle-source should be opt-in until all importer installations can recognize them. With a major version bump on bundle-source, some opt-ins can become opt-out or inexpressible.
Upgrade Considerations
Maybe.
The text was updated successfully, but these errors were encountered:
What is the Problem Being Solved?
Endo does not currently tolerate fields in
compartment-map.json
that it does not recognize. This rightly prevents us from adding fields to generated bundles that would cause a new importer to behave differently than an old importer. However, this wrongly prevents us from adding fields that are informative and do not impact execution, like a source hash for each module (we already capture the post-transform hash) #1882Description of the Design
We will alter the compartment mapper to discard all fields that have an underscore (
_
) prefix, such that they are not seen by the schema validator and invisible to the runtime, so cannot affect execution behavior.Security Considerations
New fields are invisible to runtime so any pair of import machinery will be assured to behave the same way. The new fields might be used as a SPAM vector, but not a very attractive one. We discarded the idea of allowing arbitrary metadata files in parallel to
compartment-map.json
since they would be a more attractive SPAM vector.Scaling Considerations
May allow accumulation of cruft in bundles.
Test Plan
Will verify equivalence and acceptance of bundles with and without vestigial properties.
Compatibility Considerations
Old and new importers should accept old bundles. The creation of vestigial properties with
bundle-source
should be opt-in until all importer installations can recognize them. With a major version bump onbundle-source
, some opt-ins can become opt-out or inexpressible.Upgrade Considerations
Maybe.
The text was updated successfully, but these errors were encountered: