Private Orb Security Setting

We want to use a public orb, but it’s not certified. To use it, we would need to toggle the CircleCI setting to allow use of all 3rd party and uncertified orbs, which we don’t want to do. Aside: it would be nice if the org could approve usage of specific uncertified orbs, rather than all or nothing.

We were thinking we could make a private orb to get around this, by forking the public orb’s GitHub repo, and/or starting one from scratch. But I was watching the CircleCI video on orb creation, and there is an unanswered comment saying that even with a private orb, they still need to toggle the security setting for uncertified orbs.

Before we go further down the route of creating our first private orb, can anybody confirm if we need to allow all uncertified orbs in order to use our own private orbs?



I would be interested in understanding this too, please.

Is there any update on this point?