Is there a need for namespacing for plugins? For example, if 2 plugins both define a css class with the same name, which gets used? Or if 2 plugins define a macro with the same name, what happens? Does the last loaded macro take precedence?
If this is an issue it would it need to be addressed sooner rather than later? On Sunday, August 16, 2020 at 1:54:18 PM UTC-4 PMario wrote: > On Sunday, August 16, 2020 at 6:00:47 PM UTC+2, Mark S. wrote: >> >> I might point out that Linux operates this way. >> >> When you install Linux, almost any variety, you also get a package >> manager. With the package manager you have access to 1000s of different >> software products. You just search, select, and install the software that >> you want without having to search the web, download, find dependencies, >> etc. The versions you get may not be the latest versions, but that's >> usually OK. If people need the latest, then they go to the original source. >> > > I think we can't compare "apt" or other installation managers with a > public overview of TW plugins. We don't have any security measures built > in. None of our packages can be validated. ... So everyone can clone and > modify a plugin and republish a potentially evel version with the same > name. .. At the moment our users don't have a possibility to validate > anything. > > That's an other element, which I think about for quite some time. ... At > the moment our system is "kind of" OK, because we can trust the community > members, that create plugins. ... But if TW grows considerably, we will > need to think about some more security too. > > With the proposed system, it would be possible to implement a "community > review" system. Similar to video 8. > > A second measure could be, that we publish a plugin hash overview on the > community page. So everyone can check if an installed plugin has the same > hash as the one installed in a wiki. The hash validation could be done with > a browser plugin. ... But that's probably a completely different thread, > which would need contribution from security experts. > > just some thoughts > -mario > > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/589ece88-13e5-46b6-b009-0685dcc10199n%40googlegroups.com.
