
Re: Network Access

Posted: Mon Nov 29, 2010 4:31 pm
by nathan2055
Exactly! In fact, it could be made so that if someone forgets this, and Dustin is sent the package, and he finds something, he could see it as a warning.

Re: Network Access

Posted: Mon Nov 29, 2010 5:18 pm
by Lontahv
I think if an age writer wants an age to have network access, the age should have access to the network (if the computer is connected to the internet). I think it's artistically disrespectful to say: "I'll take your age, however, I'm going to disable this part of it and enjoy the rest." If someone wants to avoid ages that connect to the network, they can choose not to link to those ages. Drizzle, IMO, shouldn't have the power to break ages by telling what dependencies can and can't be downloaded. Have you ever had YUM or apt-get tell you that "sorry, but you'll just have to limp along without OpenAL because we think it's unsuitable for you"? No, that distribution software doesn't abuse you like that. I think Drizzle should not expect everyone to be stupid. Just pop a message up BEFORE linking to the age for the first time (it's easy, it's just a yes/no box). This box can explain the risks involved. Constantly annoying an end-user that "Your computer is at risk of infection" is just as annoying as a pop-behind ad for a virus sweeper. :P

Re: Network Access

Posted: Tue Nov 30, 2010 12:34 pm
by diafero
Unfortunately, Lontahv, all the in-game kinds of warnings I suggested were shot down by our IC keepers for breaking immersion, or something ;-) . And I partially understand them. Being able to globally configure this outside of the games is a good idea, IMHO. Of course, constantly warning about a security risk if you once made the decision to install that package is not. A simple dependency of the age to that package (with a clear message that a dependency is installed, when it is - just like the package manager example you used) would be the best solution, IMHO.
I attached a simple patch to only warn users that did not explicitly install the package - but last time I tried, Dustin wouldn't want it in Drizzle.

In reply to Chacal's questions: Indeed, all of this is possible with the network access package. However, since Python can run arbitrary code even without it, it could - for example - have a somehow encoded form of an executable within the Python source, write that to disc, execute it - and then let that executable do the network access. Or it could use the ftp.exe shipped with Windows. So, network access does not open principally new possibilities, it just makes them easier to use for good and for bad.

Re: Network Access

Posted: Wed Dec 01, 2010 11:27 am
by ddb174
D'Lanor wrote: Yes, an age could download and execute code with this package. That is what Drizzle means when it speaks of a security risk.

However, it is easy to spot an age which uses this package, which btw consists of (or at least should consist of) modules already present in any standard Python installation (but not in the default Uru Python distribution). The Python code of such an age would show import statements for the modules from the network access package.
The question is, who should be doing the police work of checking this? Should this burden rest on the shoulders of those who distribute fan ages? I believe that is where Dustin's concern comes in. I would not be surprised though if Dustin already scans for this and is flashing a warning sign only to tell us that we should not hold him responsible just in case something slips by him.

IMO an age builder who is making use of network access should notify the distributor (Drizzle, shard admins or Pahts assemblers) of this when the age is submitted for release. It may also be a good idea to have a wiki page with a list of ages using the network access package, explaining what they are using it for.

Yes, I scan new Ages for a number of things, network access being one of them. (Creating code on the fly being another one of them, which isn't necessarily bad, but it is sometimes suspicious so I like to take a look.) That's a good idea to keep a list of what Ages are trying to get network access, so I've put it up here: http://dusty.homeunix.net/wiki/UAM/Ages/NetworkActiveAges. Thanks for the idea! While it is technically possible for an Age to try to do something like have a binary stored in the Python code, I try to find such things. It is possible for it to slip by though, so if anyone notices such a thing, please report it to me immediately, as it may be malicious! And then I can investigate further: the nice part about this kind of problem is that one can sit down and pore over it if one is in doubt, and figure out if it is doing something bad or not, so it is not as big of a problem. (Whereas if it has network access, you can never be sure it's not malicious. That is: you can affirm it but not refute it, for those who know topological logics.)
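
The kind of pre-release check discussed in the posts above (spotting import statements for network modules, and code created on the fly) can be sketched as a static scan. This is an added example, not part of the original thread and not the scanner used for Drizzle; the module list, the function name `scan_age_source` and the sample script are assumptions, and the source is assumed to parse under the interpreter running the scan. Findings are pointers for manual review, not a verdict.

```python
import ast

# Assumption: illustrative module names; the thread does not list the
# actual contents of the network access package.
NETWORK_MODULES = {"socket", "urllib", "urllib2", "httplib", "ftplib"}
# Built-ins that create or run code on the fly.
DYNAMIC_CALLS = {"exec", "eval", "compile"}


def scan_age_source(source, filename="<age>"):
    """Return sorted (line, kind, name) findings for manual review."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]  # relative imports have no module
        else:
            names = []
        for name in names:
            # Match on the top-level package so urllib.request is caught too.
            if name.split(".")[0] in NETWORK_MODULES:
                findings.add((node.lineno, "network-import", name))
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in DYNAMIC_CALLS:
                findings.add((node.lineno, "dynamic-code", node.func.id))
    return sorted(findings)


# Constructed sample age script (not taken from any real age).
SAMPLE = '''\
import os
import urllib.request as req
from ftplib import FTP

def on_link(payload):
    code = compile(payload, "<blob>", "exec")
    exec(code)
    return code
'''

if __name__ == "__main__":
    for line, kind, name in scan_age_source(SAMPLE, "sample_age.py"):
        print("sample_age.py:%d: %s (%s)" % (line, kind, name))
```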