Plugin Hosting

This is the original, started two weeks ago… the topic you link is 20 hours young.

I believe I linked a similar thread to this one at some point since this one was started by a moderator. Although I think this thread and the one you linked are vaguely different. This one discusses technical aspects of plugin validation as well as how they’d be hosted. The other you linked is more about a web site for people to access hosted mods that are being validated.

Then you get down with your bad self and program this in your spare time in one day. I expect a fully realized, completely UI’d, fully functional DBO replica within less than 6 hours.

As to your other comment, yes it is within their right. That does not make it right though. And no, they could not sue for damages if someone uploaded a closed source mod to their open source hosting directory. They could remove it, yes; seek legal action, highly unlikely. Please troll elsewhere.

I’m guessing you have the same complaint against SourceForge or Google Code? What about Travis/GitHub’s model?

How about asking Curse to host Sponge plugins, similar to how they already host Bukkit plugins and Minecraft mods? They already have a really nice platform for this. So that would mean no need to additionally recreate all of this.

Regarding file approval I vote for proposal 3: instant available to the users but marked as ‘attention, not yet approved’.

1 Like

I am really in for Proposal 1. I liked BukkitDev. I think SpongeDev would be awesome.

Following suggestion 3: what about adaptive quantities for trust values with set minimums and maximums, to keep it all in balance and to keep the managing staff from having to dig up and modify values from months if not years before?

I think it is extremely important to have a very clean and well functioning system. I’m totally all in for proposal one. I know a lot of people would disagree, but really it was quite an undefeatable system (sure it had a few faults, but what doesn’t?)

I, personally, applied multiple times (as did others) to help review plugins on BukkitDev but not once was I ever contacted back (even when I inquired about it) about receiving a position on the team. I even offered to have a voice-chat interview and present my skills, but still no. I think if there was a better hiring and auditing process of potential review volunteers, then this system could possibly be a lot better than how BukkitDev was.

Now, I know it does mentally drain those volunteers but I think it is the safest and possibly the best way to carry this out. I’m not quite sure how well a community-run verification process would blow over, given that most of the community when Sponge is rolled out completely is mostly going to be server owners. Most server owners (going by who I’ve come in contact with) do NOT code, or at least not very often. They often can’t see back-doors, however obvious they may be. This isn’t entirely their fault, it does take some expertise for sure.

Proposal three could work. But if that system is to be used, I don’t think people should know exactly how it works. If they did, then take a scenario where an uploader could upload a clean and non-malicious file to be accepted by the system and then only after that upload another file that is extremely malicious. This could, obviously, be disastrous.

To be honest, I think proposal one is the greatest. Feel free to compete with me here, but I feel that if the hiring and auditing of potential volunteers was improved that this system could be the best way to go.

Just my two, or three, cents. :wink:

I’m still in favor of option 3. I think the issue of re-uploading malicious code after the previous clean code is approved can be automatically managed by the repo server (just an MD5 check and flag it for re-review, since generally every version needs to be re-validated anyways). There are probably also tools reviewers can use to locate changes made to the file, if that’s done, to more quickly realize if there’s an issue with the changes.

It’s not just about skills. Why would anyone trust you (or any other random applicant)?

Not trying to insult you here, but that’s really the downside of any reviewed system; unless a bunch of very established and trusted people (sk89q IMO, for example) have the exclusive reviewing responsibility then all it’s going to lead to is a false sense of security. And even if that was the case then these people have a chance to betray that trust.

Take a look at that.

I can see where @teozkr is coming from there. As a server owner, when I’m in need of more staff, I don’t like to simply go off how experienced they sound. I like to get to know them for a while and make sure they seem like a decent person so they don’t turn around and try to destroy the server.

2 Likes

Totally agree; when I need a new mod or admin to help run the server I only consider players that have been a regular player on the server for at least a year.

Sure. I totally understand that, but this is far from a server. This is reviewing plugins that would be put on a server to be sure they won’t be malicious to you. If you look at it that way, I can see it as possibly a bit more important than a regular staff on a server :smile:

I understand where you guys are coming from, trust me. In my business we do background checks on people before creating them as actual employees in our computer (IRL), so I get it :smile:

I’m not sure how possible (or feasible) it would be to do that with Sponge but if they did need that, just to make a point, I would let them do a background check on me to join the reviewer team but that is quite a bit of trouble just to volunteer, eh? :wink:

Anyhow, I understand what you guys are saying. You need to trust someone and not just see their skills, it works a lot like real life (because, hey, it is real life I guess :D). That’s what I meant by having a voice chat with them. They can talk with me for a while and figure that I’m a decent guy. Not to mention I’m on the IRC A LOT :slight_smile:

1 Like

I prefer @Cyclometh’s idea (proposal 3). It sounds like a good and working solution.

For runtime permissions (requested when a plugin is installed/starts), I can say only one thing. It’s a bad idea. The Java sandbox is already buggy and insecure in applets; how could we make a better one using no native code? Android uses its own JVM, which supports it, but Oracle’s/Sun’s one doesn’t support that.

If it were a properly implemented API, tracking this status would be pretty trivial. All uploaded plugins would start at an “unsafe” status (I don’t like “unknown”, as it doesn’t accurately relay the message here). The community can then upvote/downvote it and after a specific number of upvotes from unique users, it would then get reclassed as “community reviewed”. Once a Sponge staff member approves the plugin, it is deemed “safe”.

The plugin management system should, by default, only allow for “safe” plugins. It should be trivially easy to enable the “community reviewed” plugins however. It should be more difficult to enable “unsafe” plugins.

7 Likes
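The trust tiers described in the post above, combined with the hash check for re-uploads suggested earlier in the thread, as an added Python example that is not part of any post here. The threshold of five unique upvotes, SHA-256 in place of MD5, and the by-hash acknowledgement an admin must give to enable an “unsafe” plugin are my own assumptions, not something the thread specifies.

```python
import hashlib
from dataclasses import dataclass, field

UNSAFE, COMMUNITY, SAFE = "unsafe", "community reviewed", "safe"
COMMUNITY_THRESHOLD = 5  # assumed: unique upvotes needed; the post leaves the number open

@dataclass
class Plugin:
    name: str
    digest: str                      # hash of the hosted file (the post says MD5; SHA-256 here)
    status: str = UNSAFE             # every fresh upload starts "unsafe"
    upvoters: set = field(default_factory=set)

def new_upload(name: str, data: bytes) -> Plugin:
    return Plugin(name, hashlib.sha256(data).hexdigest())

def upvote(p: Plugin, user: str) -> str:
    """Count one vote per unique user; enough votes promote unsafe -> community reviewed."""
    p.upvoters.add(user)             # a set ignores repeat votes from the same user
    if p.status == UNSAFE and len(p.upvoters) >= COMMUNITY_THRESHOLD:
        p.status = COMMUNITY
    return p.status

def staff_approve(p: Plugin) -> str:
    """A staff review is the only path to "safe"."""
    p.status = SAFE
    return p.status

def reupload(p: Plugin, data: bytes) -> str:
    """Replace the hosted file. A changed hash discards all earlier trust and sends
    the plugin back to "unsafe" for re-review, as the hash-check post suggests."""
    digest = hashlib.sha256(data).hexdigest()
    if digest != p.digest:
        p.digest = digest
        p.status = UNSAFE
        p.upvoters.clear()
    return p.status

def may_install(p: Plugin, allow_community: bool = False,
                acknowledged: frozenset = frozenset()) -> bool:
    """Plugin-manager policy (assumed design): "safe" installs by default,
    "community reviewed" needs a config flag, and "unsafe" needs the admin to
    acknowledge this exact file by hash, so a silent re-upload voids the acknowledgement."""
    if p.status == SAFE:
        return True
    if p.status == COMMUNITY:
        return allow_community
    return p.digest in acknowledged
```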

Now that that’s explained, it makes a lot more sense and sounds a lot like repo sources in Linux.

I like the idea of reviewing the first file, but like you said, people can upload a non-safe file after that.

I think that someone could possibly code a system that checks for any type of backdoor, and when one is found, it blocks it, and when a moderator discovers a new type of backdoor, it will be added to the advanced scan, which will learn how people are trying to get around the system. If we combined an advanced scanning system like this with the usual moderator check, it would probably produce a mostly secure system.

I can say I hated it on Bukkit when I had to wait 18 days for my plugin update to be released, and so I hope that we have a large enough staff that this does not happen here.

Option #4: Copy the big boys.

Charge developers a one-off fee to release plugins. Use a downloadable automated check for simple things (necessary information, file format, etc.)

Options include returning the money after x months/downloads without a problem or simply using it for hosting fees.

I have a feeling this would conflict with a lot of people. Especially the younger generations trying to get started with development.

Pros are that there’d be less clutter of plugins, less repetitious plugins, less junk plugins, etc, and hopefully less malicious ones (although depending, someone still may pay to have one uploaded).

Cons would be that only people with a bit of spare cash can upload. There’d be fewer younger developers more than likely. There would also be fewer good developers who don’t want to put money forward.

All in all, I don’t think that scheme fits this very well. I think it’d require Sponge to have an official fiscal account, and I’m not sure they’re inclined to do that. It may introduce some sort of legal issues somehow or another. Random note, I’m pretty sure I’ve seen your avatar floating around the Bukkit forums quite a lot O.o Sorta like Desht, you seem to be everywhere all the time XD

2 Likes