undefined | Better HN

0 pointshobofan1mo ago0 comments

> A permissions system is planned

I'm not sure that "Plugins will declare what they access" should be interpreted as a planned sandbox system. My (cynic) interpretation that it's an opt-in honor system, that would give a good overview about well-maintained plugins, but doesn't do anything to restrict undesired API access by malware.

0 comments

3 comments · 1 top-level

kepano1mo ago· 2 in thread

We haven't shared anything about sandboxing yet. Yes, to start disclosures will be opt-in because we have to help thousands of developers with existing plugins migrate.

However, a permissions system alone is not enough. For example if a user allows a plugin with network connections, it would be easy for a plugin to abuse that permission. That's why scanning the code is still necessary to give users trust in the plugin.

Take a look at scorecards on the Community site, you'll see why some issues are not something a permissions system or sandboxing could catch.

dtkav1mo ago

Speaking as someone who has been building a business around an Obsidian plugin - I think you're on the right track.

What actually matters is that the plugin developer is pro-social, discloses the behavior, the user accepts that disclosure, and that the user isn't duped by their inability to review all of the code for every update.

hobofanOP1mo ago

Sorry, I think think my comment came off too dismissive.

I do think that self-reports on permission usage are a step in the right direction, and can also help in decentralized uncovering of unintended API access.

However I think with the recent pace of supply chain attacks, I think we'll be in for a rough couple months until a sandboxing system is added.

j / k navigate · click thread line to collapse