On Sunday, August 16, 2020 at 6:00:47 PM UTC+2, Mark S. wrote:
>
> I might point out that Linux operates this way.
>
> When you install Linux, almost any variety, you also get a package manager. With the package manager you have access to 1000s of different software products. You just search, select, and install the software that you want without having to search the web, download, find dependencies, etc. The versions you get may not be the latest versions, but that's usually OK. If people need the latest, then they go to the original source.
>
I think we can't compare "apt" or other installation managers with a public overview of TW plugins. We don't have any security measures built in. None of our packages can be validated. ... So everyone can clone and modify a plugin and republish a potentially evil version with the same name. ... At the moment our users don't have a possibility to validate anything.

That's another element which I have been thinking about for quite some time. ... At the moment our system is "kind of" OK, because we can trust the community members who create plugins. ... But if TW grows considerably, we will need to think about some more security too.

With the proposed system, it would be possible to implement a "community review" system. Similar to video 8.

A second measure could be that we publish a plugin hash overview on the community page. So everyone can check if an installed plugin has the same hash as the one installed in a wiki. The hash validation could be done with a browser plugin. ... But that's probably a completely different thread, which would need contribution from security experts.

Just some thoughts
-mario
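The "plugin hash overview" check proposed in the message above, as an added sketch that is not part of the original post and not TiddlyWiki code. It assumes a plugin can be treated as a plain object with `title`, `version` and `text` fields; the plugin names, contents and the `published` overview are constructed for illustration.

```javascript
// Added example (Node.js). All plugin data below is constructed sample input.
const crypto = require("crypto");

// Serialize with sorted keys so identical plugin content always yields identical bytes,
// regardless of the field order a particular wiki happens to store.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map(k => JSON.stringify(k) + ":" + canonicalize(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// SHA-256 over the canonical form of the whole plugin object.
function pluginHash(plugin) {
  return crypto.createHash("sha256").update(canonicalize(plugin), "utf8").digest("hex");
}

// Compare installed plugins against the published overview, keyed by title@version.
// "unlisted" means the overview has no entry, which is not the same as "verified".
function auditPlugins(installed, published) {
  return installed.map(p => {
    const key = `${p.title}@${p.version}`;
    const expected = published[key];
    const status = expected === undefined ? "unlisted"
      : expected === pluginHash(p) ? "match" : "MISMATCH";
    return { key, status };
  });
}

// Constructed sample: a genuine plugin, a republished copy that keeps the same
// name and version but has different content, and a plugin nobody has listed.
const genuine = { title: "$:/plugins/example/demo", version: "1.0.0",
                  text: '{"tiddlers":{"a":{"text":"hello"}}}' };
const republished = { ...genuine, text: '{"tiddlers":{"a":{"text":"changed"}}}' };
const unknown = { title: "$:/plugins/example/other", version: "0.1.0", text: "{}" };

// What the community page would publish (constructed here from the genuine copy).
const published = { "$:/plugins/example/demo@1.0.0": pluginHash(genuine) };

for (const r of auditPlugins([genuine, republished, unknown], published)) {
  console.log(r.status.padEnd(9), r.key);
}
```

A check like this only shows that a plugin matches what the overview lists; the overview itself has to reach the user over a channel a republisher cannot alter.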

