Hi all, Back to practical solutions we can work on for the next release! Here's a proposal I think has a wide consensus:
1) "Trusted source" for autorun scripts gets default disabled. 2) On loading a .blend with autorun script, we notify a user of that. How that UI will work exactly has a number of solutions we can investigate further. I suggest Campbell to investigate it and test some ideas and propose that here. The above should be a real 2.68 target. Further actions we can take: 3) Implement a friendly (easy to use) way for marking/defining .blend files to be always be trusted. Also here a number of solutions are possible, like preset directories for where such files are located, or a way to sign personally saved files. Or both. I propose Campbell to investigate that further too with some people and come with a final proposal for it. 4) Cleanup Blender file writing code itself as well. Like stop using /tmp for files, and enforce relative paths for (automatic) output file writing. 5) Figure out if there's any way to detect malicious scripts... 6) Kick Python.org and/or support the PyPy project to get 3.x Python secured somehow. -Ton- -------------------------------------------------------- Ton Roosendaal - [email protected] - www.blender.org Chairman Blender Foundation - Producer Blender Institute Entrepotdok 57A - 1018AD Amsterdam - The Netherlands _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
