Add ons manager - development and bugs topic

Here's the place for discussion related to coding in FreeCAD, C++ or Python. Design, interfaces and structures.
User avatar
yorik
Site Admin
Posts: 11510
Joined: Tue Feb 17, 2009 9:16 pm
Location: São Paulo, Brazil
Contact:

Re: Add ons manager - development and bugs topic

Postby yorik » Wed Jul 10, 2019 9:33 pm

Ok this is now done in git commit 334222540, it should now be easier to support other git hosting platforms. It's just a couple of additional cases to add at the end of addon_utilities.py.

It is now possible to install the mooc WB without python-git.

Unfortunately, for the readme, it is generated in the browser, on the fly, with javascript. So it's not present when downloading the HTML of the page and we can't read it... This is silly, don't know why gitlab people did it that way...
User avatar
sgrogan
Posts: 5328
Joined: Wed Oct 22, 2014 5:02 pm

Re: Add ons manager - development and bugs topic

Postby sgrogan » Wed Jul 10, 2019 11:31 pm

yorik wrote:
Wed Jul 10, 2019 9:33 pm
Unfortunately, for the readme, it is generated in the browser, on the fly, with javascript. So it's not present when downloading the HTML of the page and we can't read it... This is silly, don't know why gitlab people did it that way...
Thanks yorik it gets better everyday!

Maybe now we should bounce this message down a level?
w.PNG
w.PNG (22.6 KiB) Viewed 489 times
The stuff available from addon manager are not reviewed by the core FreeCAD team, but they are vetted (sometimes more or less) by the FreeCAD community.
IMHO this warning is warranted for the "configure" ie custom workbenches.I think the user should still opt in to addons, only with a softer message?
jmaustpc
Posts: 9566
Joined: Tue Jul 26, 2011 6:28 am
Location: Australia

Re: Add ons manager - development and bugs topic

Postby jmaustpc » Thu Jul 11, 2019 8:20 am

sgrogan wrote:
Wed Jul 10, 2019 11:31 pm
Maybe now we should bounce this message down a level?
I think the message should be strong because we don't have any approval or moderation system at all. Since it's so easily installed from within FreeCAD people could very likely get a false sense of security.
User avatar
yorik
Site Admin
Posts: 11510
Joined: Tue Feb 17, 2009 9:16 pm
Location: São Paulo, Brazil
Contact:

Re: Add ons manager - development and bugs topic

Postby yorik » Thu Jul 11, 2019 2:50 pm

maybe instead of "are not reviewed by the FreeCAD team" (because indeed they are, more or less), we could say something like "are not under the responsibility of the FreeCAD team"?
User avatar
Kunda1
Posts: 5491
Joined: Thu Jan 05, 2017 9:03 pm

Re: Add ons manager - development and bugs topic

Postby Kunda1 » Thu Jul 11, 2019 2:59 pm

yorik wrote:
Thu Jul 11, 2019 2:50 pm
maybe instead of "are not reviewed by the FreeCAD team" (because indeed they are, more or less), we could say something like "are not under the responsibility of the FreeCAD team"?
@yorik, more or less is pretty vague though. Maybe we can be specific about what are vetting process is? Eventually, as FC grows we're going to need some sort of more in-depth vetting process. But that is still down the road
Want to contribute back to FC? Checkout:
#lowhangingfruit | Use the Source, Luke. | How to Help FreeCAD | How to report FC bugs and features
User avatar
sgrogan
Posts: 5328
Joined: Wed Oct 22, 2014 5:02 pm

Re: Add ons manager - development and bugs topic

Postby sgrogan » Thu Jul 11, 2019 9:05 pm

Kunda1 wrote:
Thu Jul 11, 2019 2:59 pm
@yorik, more or less is pretty vague though.
I think this was in just my term.

Stuff in the add-ons repo is not the responsibility of the FreeCAD team. They are basically community vetted. After all that got added to the repo somehow.
From the configure tab a stronger message is warranted in my opinion. These could come from anywhere.

I'm in agreement with yorik that the add-on developers should become more "first class citizens" In commercial products sometimes these things are "Trusted Partners"
User avatar
Kunda1
Posts: 5491
Joined: Thu Jan 05, 2017 9:03 pm

Re: Add ons manager - development and bugs topic

Postby Kunda1 » Thu Jul 11, 2019 10:52 pm

I'll clarify, i'm coming from the perspective of a user now. All these Addons/Workbenches with lots of code and functions and the ability to use python or git to download things from the web or start local servers (*cough*backdoors*cough*) etc... how do i know that I'm not compromising my box when I install these things?
There are all sorts of stories of attempts to compromise services like npm and even audacious attempts at the linux kernel.

As FC becomes more and more popular (we're seeing this as moderators where users are joining at an exponential rate daily!) we're going to need to think about how to seriously vet this 3rd party code or make distinctions between level of vetting.

This has been on my mind and i apologize if this takes the conversation off topic but just wanted to insert a nagging anxiety that I've been feeling for a while now (especially helping @yorik with the Addons repo).
Want to contribute back to FC? Checkout:
#lowhangingfruit | Use the Source, Luke. | How to Help FreeCAD | How to report FC bugs and features
User avatar
sgrogan
Posts: 5328
Joined: Wed Oct 22, 2014 5:02 pm

Re: Add ons manager - development and bugs topic

Postby sgrogan » Thu Jul 11, 2019 11:02 pm

Kunda1 wrote:
Thu Jul 11, 2019 10:52 pm
This has been on my mind and i apologize if this takes the conversation off topic but just wanted to insert a nagging anxiety that I've been feeling for a while now (especially helping @yorik with the Addons repo).
We should open a new thread to discuss this. As the Addon manager becomes more and more mature the discussion is more important.
User avatar
yorik
Site Admin
Posts: 11510
Joined: Tue Feb 17, 2009 9:16 pm
Location: São Paulo, Brazil
Contact:

Re: Add ons manager - development and bugs topic

Postby yorik » Fri Jul 12, 2019 2:45 pm

Maybe we could think of a proper "reviewing" system. That is, there would be addons that got reviewed by us, some which aren't. That would allow us to keep adding any new addon to the list, but it would help making trusted people feel trusted.

But there are complicated issues, though: We can trust people we know for quite some time, who have discussed their addons here on the forum, etc. But that would be a trust system based on the person, not the code. It's not fair. A new unknown addon developer should be able to ask for review too, which we could do. But since people can change their code all the time, this could quickly require huge amounts of reviewing time...
User avatar
Kunda1
Posts: 5491
Joined: Thu Jan 05, 2017 9:03 pm

Re: Add ons manager - development and bugs topic

Postby Kunda1 » Sun Jul 14, 2019 3:18 pm

2 bugs in Addon Manager:
1. after uninstalling addon all logos for other addons dissappear in the Addon Manager dialog
2. after uninstalling an addon, click around on different addons (happens sometimes with just 1 but average is 3 different attempts) FC will crash hard with a very unhelpful error (this may be appimage related.
Relevant thread:
https://forum.freecadweb.org/viewtopic.php?f=3&t=37721
Want to contribute back to FC? Checkout:
#lowhangingfruit | Use the Source, Luke. | How to Help FreeCAD | How to report FC bugs and features