Triode;374009 Wrote: > > To ensure we only include popular plugins which have been reviewed and > are known not to include malicious code, recommendations should be > supported by 3 "senior" forum members, one of which has reviewed the > code. >
I suspect we are going to need some kind of instructions regarding the "review" process. What are we suppose to review, is it "just" that the plugin doesn't include malicious code or are we talking about a general review of the code to get an idea of the code quality ? If you want this to be done correctly it could take some time, finding malicious code could be pretty hard since if someone decides to do something bad they are probably also going to try to hide it in the code. I'm guessing that there is a risk that we are going to get a lot of "supported" plugins but very few where someone has actually bothered to review the code. Using third party plugins is always a risk. Today when I install a third party plugin I generally trust a developer and not a particular plugin. If the developer earlier has shown to write good plugins that doesn't do anything bad, I just install new plugins from the same developer without reviewing the code. If a new developer announce a plugin, I either wait until some users has tried it or I take a quick look at the code to see if it looks like the developer knows what he is doing. I wonder if the review process actually will protect us against anything. If someone intentionally likes to do something bad, they are just going to hide it in the code or release an initial version which is save to get into the recommended list and then release the malicious version as an upgrade when they are already on the recommended list. I suppose the only thing the review process is going to protect us against is that new developers who don't know what they are doing can't get on the recommended list until their code has been cleaned up by someone. -- erland Erland Isaksson 'My homepage' (http://erland.isaksson.info) 'My download page' (http://erland.isaksson.info/download) (Developer of 'TrackStat, SQLPlayList, DynamicPlayList, Custom Browse, Custom Scan, Custom Skip, Multi Library and Database Query plugins' (http://wiki.erland.isaksson.info/index.php/Category:SlimServer)) ------------------------------------------------------------------------ erland's Profile: http://forums.slimdevices.com/member.php?userid=3124 View this thread: http://forums.slimdevices.com/showthread.php?t=56697 _______________________________________________ plugins mailing list plugins@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/plugins