[Bf-committers] Please turn off Auto Run Python Scripts by default

Campbell Barton ideasman42 at gmail.com
Sun Jun 9 11:54:41 CEST 2013


On Sun, Jun 9, 2013 at 5:37 PM, Knapp <magick.crow at gmail.com> wrote:
>>> Sure, not everyone's a programmer that can inspect the scripts, but at some point I feel the responsibility lies with the users and with the sites offering the .blends to inform them of potential dangers, and not so much with the BF trying to create a super-safe environment. Super-safe in this case translating to crippled or unusable for some.
>>
>> I think you under estimate how easy it is to hide code in a blend
>> file, at the risk of giving people bad ideas...
>
> I like a lock on a door with windows all over the house, adding some
> code to blender to stop viruses will never be perfect but it will stop
> the neighborhood kid from breaking in. Just knowing that blender has
> some protection will slow down most virus attacks or stop them from
> ever even trying. We will never be able to stop governments or other
> pros from attacking the program but that does not mean we should not
> lock the door.

It seems like you reply to a different point?

I'm only saying that its not so fair to expect users to be able to
open a blend and check for malicious python scripts.

We could have some tool that extracts scripts from a blend (so at
least hiding isn't so much an issue), but this isn't really a
solution, just a tool that helps in certain situations.


More information about the Bf-committers mailing list