kepano 5 hours ago

Read through the blog post. A permissions system is planned in addition to the automated scans and more controls for teams. All are necessary because permissions alone can't solve certain malicious behaviors. Look at some scorecards on the Community site and you'll quickly see why some of the warnings are not things a permissions system or sandboxing could catch. The blog post contains details about the rollout, but it will be a phased approach because it requires changes to the plugin API.
hobofan 4 hours ago

> A permissions system is planned

I'm not sure that "Plugins will declare what they access" should be interpreted as a planned sandbox system. My (cynical) interpretation is that it's an opt-in honor system that would give a good overview of well-maintained plugins, but doesn't do anything to restrict undesired API access by malware.
kepano 4 hours ago

We haven't shared anything about sandboxing yet. Yes, to start, disclosures will be opt-in because we have to help thousands of developers with existing plugins migrate. However, a permissions system alone is not enough. For example, if a user allows a plugin with network connections, it would be easy for a plugin to abuse that permission. That's why scanning the code is still necessary to give users trust in the plugin. Take a look at scorecards on the Community site and you'll see why some issues are not something a permissions system or sandboxing could catch.
dtkav 4 hours ago

Speaking as someone who has been building a business around an Obsidian plugin - I think you're on the right track. What actually matters is that the plugin developer is pro-social, discloses the behavior, the user accepts that disclosure, and that the user isn't duped by their inability to review all of the code for every update.
hobofan 4 hours ago

Sorry, I think my comment came off as too dismissive. I do think that self-reports on permission usage are a step in the right direction, and can also help in decentralized uncovering of unintended API access. However, with the recent pace of supply chain attacks, I think we'll be in for a rough couple of months until a sandboxing system is added.
blitzar 4 hours ago

> Read through the blog post

You must be new around here.
dtkav 4 hours ago

Hey kepano - can you please grandfather in existing plugin IDs? Forcing a migration seems really user-unfriendly unless there's a symlink or something. We have a "caution" score because our plugin (system3-relay) has a 3 in it (part of our business name), and we have thousands of daily active users that would need to essentially download a new plugin if we change it.
kepano 4 hours ago

Yes. That's fixed! There will be some false positives and false negatives as we iron out kinks in the new system, but we're working feverishly in the #plugin-dev channel on Obsidian Discord to help devs. Please be patient, we're only a handful of people working on it :)