Right since I feel bad cluttering up the WAYWO thread with arguments about how combatting backdoors is best fulfilled. I presented a potential approach to the problem and it was met with a significant quantity of deconstruction on the idea that users should just have to read everything - an idea that I don’t think we can fully credit but let’s have an actual discussion about it.
Moat presents the following pie chart from a sample of 100 workshop backdoors:
Note: as far as I can tell he didn’t read what happens in timer, http or chat command. The three largest groups could be dealt with in a whitelist style system that was proposed in the WAYWO thread.
From the outset we should define the constraints of our model, to me that looks somewhat like this:
- We shouldn’t expect every backdoor to be found through an audit.
- We shouldn’t trust workshop addons to always be clean - especially after an update.
- We should expect the average user to not be able to audit through the several tens of thousands of lines of code that run through a server. It would take far too long and the alternative of “don’t use it” defeats the purpose of community made scripts.
Can we have a civilised discussion about this that doesn’t dissolve into “natural selection for servers” - a concept that is still bizarre to me.