Discussion in 'BukkitDev Information and Feedback' started by fredlllll, May 6, 2012.
*Lolmewn and ZachBora get assassinated for knowing and saying too much.*
Oh so that's why alarm went off! (No seriously, it went off)
That's been suggested at least twice already and responded to more times. Please read the thread.
Okay, you seem to have some experience with people uploading malicious code. Personally, I have a hard time believing, though, that the amount of malice warrants the level of security imposed, since plenty of sites that offer software used on a much larger scale do not rely on such a strict protocol.
Are there any file approval logs or statistics that are likely to change my mind?
What if we told you there have been malicious uploads and the people have been dealt with accordingly?
Then that's great, but the aim of my request is not to be convinced that there have been malicious uploads (I'm sure there were), but that it's such a problem that it warrants complete control over every single file. Not even the TSA is that paranoid.
Why can't you just be happy that there are people dedicating their free time to making sure every file is safe and secure? I'd prefer that over people uploading files at their will. It's good to know, as a server owner and developer, that you're not downloading something malicious because it has been cross checked by other developers.
Why are you worrying? People can download plugin files before they're approved anyway!
If you're found to be linking to unapproved files your project will be bounced back until that link is removed.
Really? When was this announced D:
I've done it once or twice because I'd seen it on other projects
I'm sorry, I didn't know it was unacceptable D:...
As far as I know, the only exceptions are continuous integration servers (as stated on the Wiki) (e.g. Jenkins or whatever else is available now)
I needed to create a pack of malicious files that we could use to train our staff. Instead of making them, I just went to my file history and pulled like 15 of them off the first few pages of activity. We don't keep statistics, but you can rest assured that we're not doing this just because we can. That makes zero sense; there's no incentive for us to do all this work if it's not warranted.
But how do we know we can trust those other developers! What if the whole bukkit team is secretly implementing methods to destroy minecraft as we know it and send out dangerous plugins! #conspiracytheories
Okay then, after talking to other file moderators, I'll trust the situation really just is that bad. I still wonder why though.
It would be great, however, if you could come up with a process or heuristic that allows plugin developers with a good track record to get approved by default (and perhaps later checked)
Again, while it would be nice, the battle of convenience vs. security is inherent to this field. For instance, you may find it easier to use one password for every site, but it takes a severe toll on security.
If implemented, even developers who may not themselves be malicious may not take care of their account's credentials, and subsequently could become subject to people trying to get access to their account just to get a file online for an hour. That's ALL it would take. This suggestion would make them prime targets for attack, and would weaken the security we have put in place. Furthermore, we couldn't tell people their file is verified as secure because we have no idea if it actually is or not.
I can think of easier ways to get evil code on servers. For instance:
my plugin requires an external library, which the plugin page instructs users to install. I replace it with a slightly modified version.
I have good relations to several server owners. I link them a quick bugfix with "extra".
I set up a CI server, as per the plugin rules. Of course, the download links there are special.
My point being, user accounts are not likely the weakest link.
That's why I only download from bukkitdev, or build.sk89q.com... usually...
Our policy extends to off-site downloads as well. If you're encouraging people to download a library from your site instead of the official one, that's a no-no.
You're a bad person
CI server links are regulated by our rules as a gesture towards developers. If you really want to consider abusing them, we'll link you when we deny further attempts for people to use them.
User accounts may not be the weakest link, but they are a source of MASS distribution when uploading a file. You may be able to get a file on someone's server by yourself, but someone with access to a huge developer's account can get a file on tens of thousands.
It's not just the new developers that submit malicious code. "Trusted" developers can and have uploaded backdoors, too.
I know you have the policy, but you're not implementing the same level of safeguard at every point. Not that I'm saying you should...
I concede this point. I would still argue about the actual damage being done. There's only limited value in compromising Minecraft servers (mostly lulz).
I have no doubt. My question is only, how often does it happen?
It happens, and therefore we cannot implement something like this with a clear conscience, let alone doing it with all my previously mentioned points.
I'm comfortable with the current system frankly. I know a rival server who uses my plugin (And I hate them) - I'd be tempted to put a backdoor if it weren't for Bukkit moderating their plugins, in all honesty.
Everyone does Dropbox links though, and I'm pretty sure (Almost) everyone knows that those files aren't bukkit approved (If they don't, well, they probably don't have much of a server to screw over).
So I'm glad Bukkit moderates it. Keeps people honest. The automated scanning thing is cool, if you could write a script to stop bogus plugins from being uploaded in the first place - As some have said, you can still download files, without the link.
And if your users really trust you, they can always go to your plugin, hit Subscribe, Tick Files, and save. Whenever they upload a version, you'll see it in your newsfeed the moment it's uploaded, and you can download it.
I can't remember which plugin, it was something to do with common banlist of multiple servers... but anyway, they had hardcoded the names of their developers in it and there was a huge controversy about it. People thought it was preventing them from being banned and stuff. I think it turned out all it did was color their name differently. But that's still not something you should be doing on a public plugin. It's like if I made PlotMe change my name to "ZachBora, PlotMe dev" on servers using my plugin.
If you see a project that uses offsite download links, report it please!
I think this "backdoor" is enough. Maybe you should even display a warning message on the download page to show that the file has not been approved yet.
There are so many idiots on the internet. What if someone overtakes the Account of the Essentials/WorldEdit Plugin and uploads malware?
Keep up the good work!
As much as I like ichat... he has links to his website on it to get latest versions. http://dev.bukkit.org/server-mods/ichat/
ZachBora Report as in use the BukkitDev report feature
I want to finish this statement.
File Approvement is.... yeah you know, it's.... AWESOME!!
ah yes, MCAdmin. It also had hidden global bans so the developers could ban anyone they wanted from every MCAdmin-supported server (which was exposed when they used it to ban someone they disliked). It probably did other things. I forget too, though.