Command hook is downloading a binary from this repository every run... why? #140
Description
Hi there,
First off, thanks for this plugin. We use it and have been happy with its purpose for some time now.
I wanted to bring up a concerning section of code (to us) in hopes this can be addressed:
In our organization, we cache all of our plugins into our build image so they can be used locally (without having to git clone a repository for each plugin). This saves on bandwidth and helps us ensure we know what we're running in our pipelines. I just submitted a PR (#139) and noticed that every invocation of this plugin is making a call to this repository to download a go binary, which puts a hole in our caching strategy, but also reads like a big security issue. I'm not sure I need to detail why this isn't a great idea, but are there plans to make this an offline plugin versus needing to download a binary to execute a command hook?
Thanks and looking forward to hearing back.