[Bf-committers] Please turn off Auto Run Python Scripts by default

Thomas Dinges blender at dingto.org
Tue Jun 4 20:15:40 CEST 2013


I may see this too simple, but you also don't run any .exe file you get 
your hands on, on your computer.
In the end it all comes down to "Do I trust the source, yes or no." ;)

Come on, how often did you got a virus or so via a .exe or so, and how 
often via a .blend file?

Am 04.06.2013 19:58, schrieb David Jeske:
> On Tue, Jun 4, 2013 at 8:05 AM, Brecht Van Lommel <
> brechtvanlommel at pandora.be> wrote:
>
>> Here's another discussion where the popup idea comes up:
>> http://lists.blender.org/pipermail/bf-committers/2010-March/026573.html
>>
>> It's a tradeoff, do we really want to degrade usability for this?
>
> I don't think this is a question of degrading expert blender usability.
> It's a question of protecting a broader less expert userbase from malicious
> blend files.
>
> I think your previous post is an excellent case for not SILENTLY disabling
> scripts by default. [1] However, this is not the only option. For nearly a
> decade MS-Word has been using a challenge dialog before running scripts. Is
> there ideological opposition to default to showing a dialog before
> processing python scripts in a blend file?
>
> The decision at the time was that no, we do not. Also note that even
>> disabling scripts does not make Blender secure, there's dozens of
>> other ways to create malicious .blend files.
>>
> What are the other "dozen" ways blender could
> read/destroy/send-files-to-the-internet/install-viruses with python scripts
> disabled?
>
> [1] http://lists.blender.org/pipermail/bf-committers/2010-April/027216.html
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers


-- 
Thomas Dinges
Blender Developer, Artist and Musician

www.dingto.org



More information about the Bf-committers mailing list