- Yes, I was assuming too that updates will be posted either by trusted
coders or through pull requests from people not in the dev team.
- Agree, a new file might be in order for those extra commands.
Say we make a new file that will include commands that will be loaded when
Leo loads.
Why don't we force all the @command nodes in that file to have this body:
"
def my_new_command():
    @others
my_new_command()
"
This is easy to check by the module that loads such file, and it guarantees
those commands will only be executed when called. (Unless there is a way to
escape a function from within and run commands globally...)
- Their subtree will contain the code.
- Such code will only run when the @command is called.
- Only @command nodes allowed (no @script, etc)
- @command names must start with the same prefix, for the user to know about it:
"uc-" or whatever you decide.
- Possibly, a "@bool" setting in leosettings would allow those commands to
be loaded or not, so we make sure the user knows what the prefix means
before having access to the "uc" commands.
So even if some malicious code is updated, there are many things not to be
noticed before it actually gets anywhere.
Brainstorming here, forgive my ignorance in Python security hehe.
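An added example, not part of the original message and not Leo's own code: a sketch of the load-time check the message proposes, applied to (headline, body) pairs. The function names, the headline parsing, the "uc-" prefix and the sample nodes are assumptions made for illustration, and `@others` is assumed to be indented under the `def`.

```python
import re

PREFIX = "uc-"  # assumed value; the message says '"uc-" or whatever you decide'

_DEF = re.compile(r"def ([A-Za-z_]\w*)\(\):\s*$")   # no parameters, no defaults
_OTHERS = re.compile(r"[ \t]+@others\s*$")          # must sit inside the def


def check_command_node(headline, body, prefix=PREFIX):
    """Return a list of problems; an empty list means the node fits the template."""
    problems = []
    parts = headline.split()
    if len(parts) < 2 or parts[0] != "@command":
        problems.append("headline is not an @command node")
    elif not parts[1].startswith(prefix):
        problems.append("command name lacks prefix %r" % prefix)

    # Anything besides the three template lines would run at load time.
    lines = [ln for ln in body.splitlines() if ln.strip()]
    if len(lines) != 3:
        problems.append("body must be exactly def / @others / call")
        return problems
    m = _DEF.match(lines[0])
    if not m:
        problems.append("first line is not a plain 'def name():'")
    if not _OTHERS.match(lines[1]):
        problems.append("second line is not an indented @others")
    if m and lines[2].rstrip() != m.group(1) + "()":
        problems.append("last line does not call the function just defined")
    return problems


TEMPLATE = "def my_new_command():\n    @others\nmy_new_command()\n"

# Constructed sample nodes, not taken from any real Leo file.
SAMPLES = [
    ("@command uc-hello", TEMPLATE),
    ("@command hello", TEMPLATE),                # missing prefix
    ("@script uc-hello", TEMPLATE),              # wrong node type
    ("@command uc-evil", "import os\n" + TEMPLATE),  # extra top-level line
]


def audit(nodes):
    """Map each headline to its list of problems."""
    return {headline: check_command_node(headline, body) for headline, body in nodes}


if __name__ == "__main__":
    for headline, problems in audit(SAMPLES).items():
        print(headline, "->", problems or "ok")
```

The check only constrains the top node's body; what the subtree does once the command is called is outside its scope.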