Just noticed someone posting a new plugin in the release section (
http://community.mybb.com/thread-84369.html ) and was wondering what others thought of the fact that users that are denied support are allowed to submit plugins. In my opinion this is crazy and leaves the plugin submission system open to security issues.
I understand some people that are denied support might not necessarily be bad people but thats not always the case. There is a percentage of users out there that are denied support here, that run hacking forums and the likes.
Im wondering why on earth would mybb let such users (with the possibility of a hacking background) submit plugins for the entire mybb community ?
If the plugin doesn't have any security issues it self why shouldn't they be able to? Labrocca is one the best known plugin devs and he's denied support and runs the largest hacking forum.
Just because they are denied support doesn't mean they shouldn't be allowed to contribute to the project. I personally would feel safer downloading a plugin here than a 3rd part site I've never heard of.
(2012-12-10, 05:57 PM)Alex Smith Wrote: [ -> ]If the plugin doesn't have any security issues it self why shouldn't they be able to? Labrocca is one the best known plugin devs and he's denied support and runs the largest hacking forum.
Im only putting the question out there, looking for others views on it, thats all.
We've had this discussion before. Regardless of whether they're denied support or not, plugins are checked for security issues or malicious code.
The denied support label shouldn't stop people from contributing to MyBB. With thousands of users coming from hacking forums to use MyBB, regardless of whether they start a hacking forum or not, it's inefficient to block the small amount of users denied support from uploading submissions when there's nothing stopping any other member from uploading a plugin with security issues.
The problem you create when you do not allow users who are denied support to upload plugins is the fact they will create their own sites. Which is not checked in any way.
So i see no use of not allowing denied support members to upload plugins. What exactly would it achieve not allowing them? Except pushing people away from mybb?
If you deny them or not they can still create their own site and distribute them regardless. Regarding the blog post in the link below, this is a prime example why "certain" users that are denied support should not be allowed to upload plugins. Again thats just my opinion.
Blog Post:
http://blog.mybb.com/2012/09/20/using-pirated-mods/
(2012-12-10, 10:09 PM)Frank.Barry Wrote: [ -> ]If you deny them or not they can still create their own site and distribute them regardless. Regarding the blog post in the link below, this is a prime example why "certain" users that are denied support should not be allowed to upload plugins. Again thats just my opinion.
Blog Post: http://blog.mybb.com/2012/09/20/using-pirated-mods/
We haven't had very many issues at all with users uploading plugins for distributing malicious code here.
The blog post has nothing to do with this site, and is mainly referring to paid plugins which have spread on to warez sites where the uploader has added malicious code to submissions. If we discover anyone here is doing such a thing, on this site or not, they're banned. We don't want people like that in our community.
Once again, submissions ARE checked before they are approved. We take security very seriously at MyBB.
(2012-12-10, 10:09 PM)Frank.Barry Wrote: [ -> ]If you deny them or not they can still create their own site and distribute them regardless. Regarding the blog post in the link below, this is a prime example why "certain" users that are denied support should not be allowed to upload plugins. Again thats just my opinion.
Blog Post: http://blog.mybb.com/2012/09/20/using-pirated-mods/
Funny thing is there are not any plugins on the mod site currently that would destroy your site.
Because those are all checked properly, while the post you are revering to has to do with for example that site that posted pirated themes and plugins. (external mod sites)
But your point is instantly invalid since all plugins are checked. While i do agree that if a user uploads a plugin to the mod site, which when looked at is found to contain malicious code, should never be allowed to upload plugins again.
But that has nothing to do with being denied support.
Why is this still open? It's something that shouldn't and isn't being discussed, it's a silly thread.