[Bf-committers] Blender 2.93 Released!

Dan McGrath danmcgrath.ca at gmail.com
Fri Jun 18 05:57:58 CEST 2021


Hi,

Just a thought, assuming only non commercial add-ons, but is there any use
in pushing such a add-on system into the python pip repos?

As long as you own the namespace, like blender-*, for example, you would at
least be able to offload the hosting burden to pip, as well as benefit from
their battle hardened system.

On Thu, Jun 17, 2021, 9:23 PM Brecht Van Lommel <brechtvanlommel at gmail.com>
wrote:

> There are certainly challenges implementing such a system, though it's
> been done many times in other applications. It's too early to go into such
> details, it's not clear this will even happen or when.
>
> On Thu, Jun 17, 2021 at 10:14 PM Dan McGrath <danmcgrath.ca at gmail.com>
> wrote:
>
>> Hi,
>>
>> For an official online repository that is integrated into Blender, users
>>> would not notice much difference compared to bundled add-ons. I think it
>>> would be valuable to have a way for more developers to share their
>>> add-ons
>>> in the same way.
>>>
>>
>> Out of curiosity, where and how were you thinking of hosting this
>> repository? I would suggest our Google workspace area, due to the ACL,
>> accountability and immutability of their system, but I don't know that the
>> team would prefer that over S3 or self hosting.
>>
>> If self hosted, what about the security of this? A compromise of a binary
>> is trickier; the binary rarely changes, has well known checksums, is signed
>> (on Win/Mac) and at least goes through mirrors and Microsoft which surely
>> have excellent monitoring for unusual behaviour and known malware. If you
>> start self-hosting auto-updating python code, files are directly uploaded
>> into users' networks and devices. You bypass a lot of that built in
>> security in our delivery pipeline in a way I don't know you can easily
>> compensate for, not to mention all of the bandwidth costs which are already
>> a challenge to our gigabit link.
>>
>> --
>> Cheers,
>> Danny
>>
>> ----------------------------------------------------------
>> Danny McGrath - danmcgrath.ca at gmail.com
>> GPG key: EDF6 AFF5 2086 F93A 1F59 36A5 44B6 26F3 6968 71CA
>>
>


More information about the Bf-committers mailing list