We also have to keep the whole dependency tree in mind as well, i.e. com.plugins.benign depends on com.plugins.nefarious.
Not sure how a warning banner would address this.

@purplecabbage
risingj.com


On Wed, Mar 5, 2014 at 12:30 PM, Michal Mocny <mmo...@chromium.org> wrote:

> On Wed, Mar 5, 2014 at 3:30 PM, Michal Mocny <mmo...@chromium.org> wrote:
>
> > On Wed, Mar 5, 2014 at 3:02 PM, Brian LeRoux <b...@brian.io> wrote:
> >
> > > Agree w/ your points, Jesse. I'm going to reach out to Maven folks to find
> > > out what they've done wrt publishing policy.
> > >
> > >
> > > On Wed, Mar 5, 2014 at 11:54 AM, Jesse <purplecabb...@gmail.com> wrote:
> > >
> > > > I am a 'no' to passing arguments; the use-case is really about doing some
> > > > extra tasks for the current environment.
> > > >
> > > > I am also a 'no' to prompting the user for permission; this shortly becomes
> > > > a permission list of which plugins can and can't run scripts, or do we ask
> > > > this every time?
> > > >
> > > > We definitely need to post our policies for plugins, i.e. something like
> > > > npmjs.org posts [1].
> > > >
> > > > We may want to not allow auto publishing of any plugin that uses these
> > > > scripts, and have one of us look at it quickly to make sure it is not evil.
> > > >
> >
> > Not a bad idea. I suggest perhaps we do this by adding a banner to
> > plugins.cordova.io: "Warning, not verified yet, may be malicious [click
> > to vouch for this]". This way, plugin publishers can eat their own lunch
> > right away, and plugin publishers don't get frustrated when we inevitably
> > become lazy gatekeepers.
>
> What I mean is: put up the banner until verified, but don't block downloads.
>
> > > >
> > > > [1] https://www.npmjs.org/doc/misc/npm-disputes.html (the exceptions
> > > > section)
> > > >
> > > >
> > > > @purplecabbage
> > > > risingj.com
> > > >
> > > >
> > > > On Wed, Mar 5, 2014 at 11:21 AM, Andrew Grieve <agri...@chromium.org>
> > > > wrote:
> > > >
> > > > > Not sure passing through command-line arguments is feasible for dependent
> > > > > plugins. Maybe have the scripts get their args from environment
> > > > > variables?
> > > > >
> > > > >
> > > > > On Wed, Mar 5, 2014 at 12:59 PM, Jonathan Bond-Caron <
> > > > > jbo...@gdesolutions.com> wrote:
> > > > >
> > > > > > On Wed Mar 5 12:00 PM, Marcel Kinard wrote:
> > > > > > > In that case (i.e., "npm test") the user is explicitly invoking the
> > > > > > > script. If we are talking about hooks that run automatically on
> > > > > > > "cordova plugin add", then it is implicit. How about if the cli
> > > > > > > prompted the user when a hook request is present, such as "plugin
> > > > > > > foobar wants to run the script xyz. Do you grant permission for it
> > > > > > > to do so?" Perhaps plugman could have an --accept-scripts param that
> > > > > > > granted permission to all such requests to prevent prompting?
> > > > > >
> > > > > > Could run scripts in a 'sandbox' of some sort...
> > > > > > http://nodejs.org/api/vm.html
> > > > > >
> > > > > > Might be a little safer and less chaotic in terms of what scripts can
> > > > > > install; that way uninstall() can cleanly do its job.
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>