D'Lanor wrote:Yes, an age could download and execute code with this package. That is what Drizzle means when it speaks of a security risk.
However, it is easy to spot an age which uses this package, which btw consists of (or at least should consist of) modules already present in any standard Python installation (but not in the default Uru Python distribution). The Python code of such an age would show import statements for the modules from the network access package.
The question is, who should do be doing the police work of checking this? Should this burden rest on the shoulders of those who distribute fan ages? I believe that is where Dustin's concern comes in. I would not be surprised though if Dustin already scans for this and is flashing a warning sign only to tell us that we should not hold him responsible just in case something slips by him.
IMO an age builder who is making use of network access should notify the distributor (Drizzle, shard admins or Pahts assemblers) of this when the age is submitted for release. It may also be a good idea to have a wiki page with a list of ages using the network access package, explaining what they are using it for.
Users browsing this forum: No registered users and 33 guests