[Bf-committers] Blender 2.93 Released!
Dan McGrath
danmcgrath.ca at gmail.com
Thu Jun 17 22:14:34 CEST 2021
Hi,
For an official online repository that is integrated into Blender, users
> would not notice much difference compared to bundled add-ons. I think it
> would be valuable to have a way for more developers to share their add-ons
> in the same way.
>
Out of curiosity, where and how were you thinking of hosting this
repository? I would suggest our Google workspace area, due to the ACL,
accountability and immutability of their system, but I don't know that the
team would prefer that over S3 or self hosting.
If self hosted, what about the security of this? A compromise of a binary
is trickier; the binary rarely changes, has well known checksums, is signed
(on Win/Mac) and at least goes through mirrors and Microsoft which surely
have excellent monitoring for unusual behaviour and known malware. If you
start self-hosting auto-updating python code, files are directly uploaded
into users' networks and devices. You bypass a lot of that built in
security in our delivery pipeline in a way I don't know you can easily
compensate for, not to mention all of the bandwidth costs which are already
a challenge to our gigabit link.
--
Cheers,
Danny
----------------------------------------------------------
Danny McGrath - danmcgrath.ca at gmail.com
GPG key: EDF6 AFF5 2086 F93A 1F59 36A5 44B6 26F3 6968 71CA
More information about the Bf-committers
mailing list