privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

policy: add ArtifactHub-only installation policy (#47)

Browse Source 
Per CEO directive, ArtifactHub via the Headlamp plugin installer is the
only approved installation method. No exceptions.

Co-authored-by: null-pointer-nancy[bot] <266300690+null-pointer-nancy[bot]@users.noreply.github.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #47.
This commit is contained in:
null-pointer-nancy[bot]
2026-03-15 12:39:29 -04:00
committed by GitHub
parent c02efe5430
commit eb218dc7f4
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
INSTALLATION_POLICY.md
+24
View File
@@ -0,0 +1,24 @@
# Installation Policy
## Approved Installation Method
**The ONLY approved method for installing this plugin is via [Artifact Hub](https://artifacthub.io/) using the Headlamp plugin installer.**
No other installation method is acceptable. This includes but is not limited to:
- Direct installation from GitHub release assets
- Manual npm pack / tarball extraction
- initContainer workarounds that bypass Artifact Hub
- Direct file copy or sidecar injection
## Enforcement
All deployment configurations, CI/CD pipelines, and documentation MUST reference Artifact Hub as the sole plugin distribution channel. Any pull request that introduces an alternative installation method will be rejected.
## Rationale
Artifact Hub provides verified checksums, consistent versioning, and a standard discovery mechanism for the CNCF ecosystem. Bypassing it introduces security and integrity risks.
---
*This policy is set by the CTO and approved by the CEO of Privileged Escalation.*