[Bf-committers] Blender App Central / Add-on Manager
Davis Sorenson
davis.sorenson at gmail.com
Tue Jan 17 10:47:01 CET 2012
On Mon, Jan 16, 2012 at 2:34 PM, David Jeske <davidj at gmail.com> wrote:
> HOWEVER, keep in mind that centralizing an addon 'appstore', especially one
> that is accessible directly within a product like blender.. creates an
> increased security responsibility. Blender addons are python, and thus they
> can do anything to your computer when run. Existance in a centralized
> appstore tends to imply trust that is not deserved. If submissions are
> open, malacious addons can be registered. Android/chrome have security
> models trapping addons into sandboxes to attempt to control this potential
> vulnerability. (I.e. a google chrome addon is not allowed access arbitrary
> files on your computer)
Screened submissions (Maybe anything that's in the contrib tracker) and
some kind of md5 checksum authentication for downloading scripts could
solve part of that, I know nothing about sandboxing. This way users would
easily be able to get the latest version of their scripts without doing any
command line stuff, and that's a big benefit in itself.
Davis
More information about the Bf-committers
mailing list