Remix.run Logo
the_mitsuhiko an hour ago

We are going to address this. Not by loading the agent but by finding a way to provide official plugins or blessed plugins. But we’re not yet sure what the right approach is.

raesene9 an hour ago | parent [-]

If you're going to have "blessed" plugins, which seems like a good idea, you'll need a review and possibly hosting process.

- Review to check that the plugin is reasonable quality/isn't malicious.

- hosting (e.g. the plugin is retrieved from a repo. you control) or "known good" checksums so pi will only download the plugin with a version that you've reviewed.

From a security/supply chain aspect, ironically what you're looking to do is deliberately add some friction to the publishing process, which sounds bad, but can be quite effective at mitigating attacks. Most of the recent supply chain attacks get found by automated scanners in < 24 hours, so having a review process for new releases that takes a while will reduce the number that affect users.

I think having this is handy as it'll give security conscious users more confidence in using pi, without the anxiety of pulling a load of additional code from effectively random sources.