On Tue, Dec 23, 2008 at 1:53 PM, Geoffrey Hutchison geoff@geoffhutchison.net wrote:
> technically speaking, GetBundles lets you download unknown bundles which can execute arbitrary code on my machine.
Remember, you are downloading code from public code repositories, where you can
a) check the code for security issues
b) identify the creator and report those issues
I think if somebody were to include malicious code on a bundle, it would be kicked out of the community quite fast...
On the other hand, code does not always work as expected and yes, there is a risk some script running out of control ends up erasing your whole hard disk... But I think we've done a pretty good job until now (meaning: all stuff in edge is pretty well tested before it gets out in a public release : )
Me, I'd rather have an open space, nicely gardened by volunteers than a walled sandbox.
Just my 0.02