Ah, the Microsoft tradition of always having the wrong priorities.
I wouldn’t be too hard on Microsoft. The requirement to curate public package repositories only emerged somewhat recently, as demonstrated by the likes of npm, and putting in place a process to audit and pull out offending packages might not be straight-forward.
I think the main take on this is to learn the lesson that it is not safe to install random software you come across online. Is this lesson new, though?
I think the main take on this is to learn the lesson that it is not safe to install random software you come across online. Is this lesson new, though?
I think people often have a vaguely formed assumption that plugins are somehow sandboxed and less dangerous. But that all depends on the software hosting the plugin. There was a recent issue with a KDE theme wiping a user’s files which brought this to light. We can’t assume plugins or themes are any less dangerous than random executables.
I wouldn’t be too hard on Microsoft. The requirement to curate public package repositories only emerged somewhat recently, as demonstrated by the likes of npm, and putting in place a process to audit and pull out offending packages might not be straight-forward.
I think the main take on this is to learn the lesson that it is not safe to install random software you come across online. Is this lesson new, though?
I think people often have a vaguely formed assumption that plugins are somehow sandboxed and less dangerous. But that all depends on the software hosting the plugin. There was a recent issue with a KDE theme wiping a user’s files which brought this to light. We can’t assume plugins or themes are any less dangerous than random executables.