2016-05-04, 19:31
I'm guessing most devs who would know ducked out a while back, but didn't ruuk work on an addon a while ago specifically for encrypting passwords or addons?
(2016-05-04, 19:24)Lunatixz Wrote:(2016-05-04, 13:39)DarkHelmet Wrote: This really made me think. Some addon creators do not upload their addons to the official repo for whatever reasons. The German kodinerds forum even has two own repos (their position to legal/illegal addons is basically the same as here though). While I basically trust the guys I think it's wise to not create temptations.
I have Google Music, Amazon Prime Music and Prime Video addons installed. To make them work I had to enter my Google and Amazon account usernames and password. Can these theoretically be obtained by another addon? This is what I would call a pretty big temptation.
Let's clear this up... Yes, any personal information entered into a plugin can theoretically be stolen...
Trust that plugins found here (though not in the official repo) should be considered safe and legal... There are MANY factors that keep plugins out of the official repo.
(2016-05-04, 21:25)DarkHelmet Wrote:(2016-05-04, 19:24)Lunatixz Wrote:(2016-05-04, 13:39)DarkHelmet Wrote: This really made me think. Some addon creators do not upload their addons to the official repo for whatever reasons. The German kodinerds forum even has two own repos (their position to legal/illegal addons is basically the same as here though). While I basically trust the guys I think it's wise to not create temptations.
I have Google Music, Amazon Prime Music and Prime Video addons installed. To make them work I had to enter my Google and Amazon account usernames and password. Can these theoretically be obtained by another addon? This is what I would call a pretty big temptation.
Let's clear this up... Yes, any personal information entered into a plugin can theoretically be stolen...
Trust that plugins found here (though not in the official repo) should be considered safe and legal... There are MANY factors that keep plugins out of the official repo.
Thanks for clearing it up. The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work. Assuming it's an addon, which many might use, Amazon account information would be quite a target for shady addon devs. The account name and password is stored by the addon.
Can I REALLY trust every one of the developers that far? I mean my Amazon account is attached to my credit card and whatnot, creating quite a honey pot. This really makes me think. I do not even have that many addons installed but what about other users?
(2016-05-04, 22:47)boogiepop Wrote: i want to put another perspective. Why do addons keep competing with each other? i think this is the baseline and the root of a very fundemental resolation. deleting each other is the way how they compete, but the real question is why? They dont earn fortune out of it for sure. Reputation, immaturity?
(2016-05-04, 22:31)Lunatixz Wrote:(2016-05-04, 21:25)DarkHelmet Wrote:(2016-05-04, 19:24)Lunatixz Wrote: Let's clear this up... Yes, any personal information entered into a plugin can theoretically be stolen...
Trust that plugins found here (though not in the official repo) should be considered safe and legal... There are MANY factors that keep plugins out of the official repo.
Thanks for clearing it up. The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work. Assuming it's an addon, which many might use, Amazon account information would be quite a target for shady addon devs. The account name and password is stored by the addon.
Can I REALLY trust every one of the developers that far? I mean my Amazon account is attached to my credit card and whatnot, creating quite a honey pot. This really makes me think. I do not even have that many addons installed but what about other users?
Not sure what you mean by "The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work"?
(2016-05-05, 03:11)Ned Scott Wrote: I would just like to say that I don't think primaeval is trolling. He has several good points that are valid topics to discuss. I don't entirely agree with everything he said, but what he said isn't unreasonable.
There are reasonable expectations for what computers can and cannot do. Someone who sees a program as nice and as polished as Kodi will have a reasonable expectation that there isn't a gaping hole in security (that requires that they vet Python code). They should still be careful of what they download, but remember that tons of sites are violating Kodi trademarks and making bad-add-ons look totally legitimate. At least, enough for an initial download.
As Kodi gets easier for the everyday user, things like this only becomes more of an issue. Kodi is a power user's tool that is now within reach of everyone.
I don't think we're at the point were something drastic, like ripping out python, is necessary, but we are on that path. It might not be the only path, but something will need to be done, and the sooner the better. We might not need tinfoil hats and totally sandboxed/locked down applications, but at the very least things like warnings and levels of control. A way for Kodi to still be powerful, while not having the "front door" unlocked by default.
At the very least, people will have different views about the matter. It's not a bad thing to be able to discuss all of those views in this thread. As long as everyone can be reasonably nice about it
(2016-05-02, 19:28)jmh2002 Wrote: Even a trusted developer can decide to have a bit of a melt down for whatever reason (commonly it seems to be either other developers or ungrateful users upsetting them), throw all the toys out of the sandpit, and do something perhaps regrettable.
(2016-05-05, 10:53)da-anda Wrote: IMO there are a couple issues to tackle
- secure credential storage / key ring / whatever