[Gambas-user] Gambas Software Farm in revision #6666 (!)

Kevin Fishburne kevinfishburne at ...1887...
Sun Nov 23 05:48:34 CET 2014


On 11/22/2014 09:30 PM, Benoît Minisini wrote:
> Hi,
>
> It's late there, but I wanted to make that available as soon as possible
> so that people can see it and comment, even if it is not finished at
> all. (It's for the revision number too...)
>
> I added a new button in the IDE welcome dialog that opens the "Gambas
> Software Farm" dialog.
>
> At the moment, it allows browsing the content of a Gambas farm. By
> default, it should point at 'http://gambaswiki.org' for testing.
>
> Voting for a software and installing a software is not done yet.
>
> I have registered the 'gambasfarm.org' website, so that it becomes the
> official Gambas Software Repository in the future.
>
> At the moment, registering to a farm is possible from the IDE option
> dialog only. And publishing is done from the 'Publish...' menu entry.
>
> Waiting for the comments now...
>

This is going to be a killer feature, so thanks for your continued work 
on it.

Despite the fact that we currently have a pretty tight-knit community of 
(hopefully) virtuous people, as with any software repository something 
that will require consideration is the potential for malicious 
applications to be uploaded to a repo.

The recent Sylph demo I made available, for example, is a binary without 
source (since I plan to release it commercially). I could have made it 
search for personal information and upload it to an FTP site somewhere 
and no one would have known the difference. Obviously I didn't do that, 
but the point is how would anyone know?

GAMBAS currently (as far as I know) doesn't have a budget to have people 
review source code, and I'm not even sure if making the source code 
publicly available should even be a requirement for addition to a repo, 
so I'm not quite sure how this problem could be addressed. At the bare 
minimum there should be (perhaps as an expansion of the voting system) a 
"Flag as malware" option or a review period before an application is 
made available to the public. The registration process to upload 
applications could also be made stronger somehow.

Something else to consider are applications that contain illegal 
content, such as IP violations or other things that shall not be 
mentioned. Any sort of centralized (non P2P) "content distribution" 
system has to face these issues, so I just wanted to give everyone food 
for thought to prevent us showing up on Slashdot for the wrong reasons. :)

-- 
Kevin Fishburne
Eight Virtues
www: http://sales.eightvirtues.com
e-mail: sales at ...1887...
phone: (770) 853-6271




