Nope. Neither include plugins, or other ways to load code, in their channels. If they were to in the future I'm sure there'd be some attempt to make people aware of it.
got it. thanks!
> in the first case, it's clear to trust ... but in the second (SARE)
> case, which channel/author am i actually trusting? DOS, SARE, others?

My involvement in the contents of the channels goes no further than you trusting me to not have a setup that makes it easy (or even likely/probable) to compromise the channels and that I'm reproducing the same data available from the SARE website. Beyond that I have no involvement. I do not audit existing or new ruleset channels (new ones are created automatically).

Whatever SARE provides is what you get. So whatever mechanisms they have in place to ensure you can trust them is what you're relying on (the same as if you were using RDJ or whatever to get the rules directly from them).
_that_ is clear. again, thanks.

your 'facts' do provide an example, given the discussion about 'channel trust', and imho, of the lack of documentation/clarity on determining that trust -- for/by "just" end-users.

which is, in part, why, i presume, so many folks suggested (per theo) that the option be turned OFF by default ... innocently misunderstanding/enabling 'allowplugins' seems to have the _potential_ to have some seriously nasty consequences -- i.e., exec'ing a plugin w/ root privs! -- if improperly config'd. a bit more dire than, say, mis-scoring a rule!

although i still think some sort of proactive check/report of a channel's activity -- namely, DID it install a plugin ? -- would be a good idea, given lack of response/interest to the idea, i'll guess that it's over-(or, silly-) engineering.

then, at least, some additional explanation, clarity, skulls-n-crossbones, etc added to the manpage/docs/wiki would be helpful. DOS's comments, above, are a good start, i think ...
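
The proactive check suggested in the last message (did a channel install a plugin?), sketched as an added example that is not part of the original thread or of SpamAssassin: it scans a local rules directory for active `loadplugin` lines and for shipped `.pm` files. The function names, the directory layout and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# An active (uncommented) SpamAssassin directive: loadplugin Name [/path/to/file.pm]
LOADPLUGIN = re.compile(r"^\s*loadplugin\s+(\S+)")

def audit_channel_dir(root):
    """List everything under root that could make SpamAssassin load Perl code."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".pm":
            # A Perl module shipped alongside the rules
            findings.append((rel, 0, "perl-module", path.name))
        elif path.suffix in (".cf", ".pre"):
            lines = path.read_text(errors="replace").splitlines()
            for lineno, line in enumerate(lines, 1):
                match = LOADPLUGIN.match(line)
                if match:
                    findings.append((rel, lineno, "loadplugin", match.group(1)))
    return sorted(findings)

def demo():
    """Run the audit over a constructed two-channel tree (not real channel data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean_channel").mkdir()
        (root / "odd_channel").mkdir()
        (root / "clean_channel" / "rules.cf").write_text(
            "body EXAMPLE_RULE /test/\n"
            "score EXAMPLE_RULE 0.1\n"
            "# loadplugin Commented::Out\n"
        )
        (root / "odd_channel" / "init.pre").write_text(
            "  loadplugin Mail::SpamAssassin::Plugin::Constructed Constructed.pm\n"
        )
        (root / "odd_channel" / "Constructed.pm").write_text("1;\n")
        return audit_channel_dir(root)

if __name__ == "__main__":
    for rel, lineno, kind, detail in demo():
        print(f"{rel}:{lineno}: {kind} {detail}")
```

Run after each update against the directory the rules were downloaded into, any non-empty result is a channel that delivered something capable of loading code rather than only rules and scores.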
