[Bf-committers] Python sandbox

[Benjamin Tolputt]

Leif Andersen wrote:
> I really like Jonathan's idea.  Perhaps some sort of distributes/crowd
> sourced 'plugin center' for blender, that relies on a web of trust.  I think
> that is a great idea, and unless the community thinks it's a horrible idea,
> I will submit a GSoC proposal on it.
>   

I cannot speak for the community, but my thoughts are that a "web of
trust" misses the point. Trust systems work so long as one assumes that
the participants are going to be a somewhat insular community. This
works well for code, emails, and the like but artists? We're doing our
best to shield them from the technicalities on the one hand, but
requiring them to be part of a trust network just to share files?

We would also now require users to connect online to open new files (in
order to verify the trust chain). And any trust network would need to be
maintained. And all because the chosen language is, by default,
unsecure. What happens when a previously trusted person goes rogue (or
more likely, someone hacks their machine and uses their credentials) to
create a malicious .blend file? How does one revoke this trust across a
network of machines without requiring them to connect to a central server?

The problem is, quite frankly,  the language/platform used and the
solution resides in either fixing the language or replacing it.
Overlaying trust networks on the basic use of Blender is just overly
complicating the application and doesn't really get rid of the problem -
that being a Python expression for driving a rig can easily wipe your
hard drive. By the time you realise the person signing the file should
not be trusted - the damage has been done.

-- 
Regards,

Benjamin Tolputt
Analyst Programmer