G2O About external modules.

[Kemi]

i like the idea of julien too.

dependency is a very high value for everything. When we have to get "autohorisations" from you guys.. for every update of this modules.. we lost this independance.

so i think its the best when a warnung appears and every user has to make his choice to trust the server or not

[Bimbol]

i like the idea of julien too.

dependency is a very high value for everything. When we have to get "autohorisations" from you guys.. for every update of this modules.. we lost this independance.

so i think its the best when a warnung appears and every user has to make his choice to trust the server or not

I know, thats why server will show warrning box, only if module isn't authoarized. So u are free to join, but u have to take a risk.

[Kemi]

@bimbol will you check and authorize by yourself?

not everyone want to show his code or modules. and no one want to check it after every update.

so i think the best is... that some server which u/other admins now very well.. get some "thrusted server" tag.
new servers dont have this tag and the users have to klick this warning message

i dont like the idea.. to xray all mudoles to check them. everyone want to be independent

[Bimbol]

@bimbol will you check and authorize by yourself?

not everyone want to show his code or modules. and no one want to check it after every update.

so i think the best is... that some server which u/other admins now very well.. get some "thrusted server" tag.
new servers dont have this tag and the users have to klick this warning message

i dont like the idea.. to xray all mudoles to check them. everyone want to be independent

You still don't get. Everyone are independet, they don't have to authoarize module by every update. You don't need to authorize module to join the server for test or something. I don't really need source code, I can analize module in IDA, and scan module with many online scanners. Well, making server status trusted have really no sesne. Servers can have the same name, so we have to save ip and port. And what if you will change ip, or port? Server will be unauthorized.

[Brix]

Modules are way too promising to throw them away because of minor problems. It's not that I underestimate security-issues, but there is soooo many situations on the internet where your only chance is to trust the host... - However I guess it's important that People know what they are getting into, so a warning of some kind seems to be appropiate.

Nevertheless the warning SHOULD NOT state: The Server code is unsafe, do you want to trust it (Yes/No).   

Just because the code hasn't been checked by a third party, it'd be unfair to assume that it's unsafe, since such a statement might scare people. The word "unsafe" seems a bit too harsh for my sentiments.
Other than that, I'd have no problem with you guys being able to give us a third party approval, to assure Players that there's nothing wrong about our server modules. I could live with Kemi's suggestion of a "Trusted-Server" - Tag.

[Bimbol]

Well ok, but I have to inform player, that this module wasn't authorized. Thats all.

[Steven]

I can just agree with some of the previous posts, not to remove external modules usage. From my opinion there are enought security issues in every software and I guess, that this is the case in G2O too. So if someone wants to harm your computer, this will not only be possible via external modules but via Client-Squirrel-scripts or any "hacking-way".

So I recommend to just follow the way Julian suggested, to warn the user if a server uses external modules and that those can be a security lack.

Additionally you could add a kind of "server reputation" - feature, where players can give a positive or negative (Like or Dislike) reputation to a server which is shown in the server browser. According to Francis Galton and his experiments about the intelligence of a crowd of people and statistics those servers with many positive and only some negative reputation points will be servers the player can trust.

[Chōshū]

I can just agree with some of the previous posts, not to remove external modules usage. From my opinion there are enought security issues in every software and I guess, that this is the case in G2O too. So if someone wants to harm your computer, this will not only be possible via external modules but via Client-Squirrel-scripts or any "hacking-way".

So I recommend to just follow the way Julian suggested, to warn the user if a server uses external modules and that those can be a security lack.

Additionally you could add a kind of "server reputation" - feature, where players can give a positive or negative (Like or Dislike) reputation to a server which is shown in the server browser. According to Francis Galton and his experiments about the intelligence of a crowd of people and statistics those servers with many positive and only some negative reputation points will be servers the player can trust.

That's not a good idea. Why? There are to many Trolls and haters which will destroy every serious reputation system. How you will check if the Like/Dislike is serious and no fake?