Unable to verify integrity of package #9

Closed
lewismc opened this issue Jan 18, 2022 · 3 comments

lewismc commented Jan 18, 2022

Hi @kei6u, we tried out this package and it works very well. Thanks for putting it together.
When we install it via krew, it states the following in bright red:

WARNING: You installed plugin "secretdata" from the krew-index plugin repository.
These plugins are not audited for security by the Krew maintainers.
Run them at your own risk.

This is a problem for us. I wonder if there is any way to begin performing security auditing on the plugin? This way more people may have confidence in using it...

Again, thanks for putting the project together. Please don't take this as a criticism. It is just a concern when we are dealing with sensitive data.


keisku commented Jan 19, 2022

@lewismc
Thank you for reporting!
I will look into it to solve the warning.


keisku commented Jan 19, 2022

@lewismc

Investigation:
The warning when installing this plugin via krew also occurs in other plugin installations due to kubernetes-sigs/krew#576.

The reason we added this is because users must understand that they are downloading potentially unvetted binaries.

This PR added the feature to output the warning message.

Conclusion:
Every plugin installation via krew outputs the warning and there is no way to prevent it currently.

@keisku closed this as completed Jan 27, 2022

lewismc commented Feb 2, 2022

Thank you for doing the investigation @kei6u and apologies for my late response.
