[Bf-committers] Blender App Central / Add-on Manager

Knapp magick.crow at gmail.com
Tue Jan 17 20:46:24 CET 2012


On Tue, Jan 17, 2012 at 10:47 AM, Davis Sorenson
<davis.sorenson at gmail.com> wrote:
> On Mon, Jan 16, 2012 at 2:34 PM, David Jeske <davidj at gmail.com> wrote:
>
>> HOWEVER, keep in mind that centralizing an addon 'appstore', especially one
>> that is accessible directly within a product like blender.. creates an
>> increased security responsibility. Blender addons are python, and thus they
>> can do anything to your computer when run. Existance in a centralized
>> appstore tends to imply trust that is not deserved. If submissions are
>> open, malacious addons can be registered. Android/chrome have security
>> models trapping addons into sandboxes to attempt to control this potential
>> vulnerability. (I.e. a google chrome addon is not allowed access arbitrary
>> files on your computer)
>
>
> Screened submissions (Maybe anything that's in the contrib tracker) and
> some kind of md5 checksum authentication for downloading scripts could
> solve part of that, I know nothing about sandboxing. This way users would
> easily be able to get the latest version of their scripts without doing any
> command line stuff, and that's a big benefit in itself.
>
> Davis

Correct me if I am wrong but my take on the last HUGE talk about
security was that hackers can hack blender if they really want to and
there is not much that can be done about it, so we will just accept
the risks while trying to minimize them. Seems like the same thing
applies here.


-- 
Douglas E Knapp

Creative Commons Film Group, Helping people make open source movies
with open source software!
http://douglas.bespin.org/CommonsFilmGroup/phpBB3/index.php

Massage in Gelsenkirchen-Buer:
http://douglas.bespin.org/tcm/ztab1.htm
Please link to me and trade links with me!

Open Source Sci-Fi mmoRPG Game project.
http://sf-journey-creations.wikispot.org/Front_Page
http://code.google.com/p/perspectiveproject/


More information about the Bf-committers mailing list