Cog-Creators / Red-DiscordBot

A multi-function Discord bot
https://docs.discord.red
GNU General Public License v3.0
4.84k stars 2.31k forks

[RPC] Our RPC server is unmaintained #5501

Open Vexed01 opened 2 years ago

Vexed01 commented 2 years ago

Red version

3.5.0.dev1

Description

Our RPC server library, aiohttp-json-rpc, found on PyPI and GitHub, has been marked as archived on GitHub and is therefore unmaintained.

This is not so important with #4381, but as this is a dependency with networking, I guess there is a heightened risk of a security vulnerability, though I am not the expert on this matter/best practices with unmaintained stuff.

Proposed solution

Idk. Accept it until ZMQ? Move to another library? Also as I'm not using a template why did I make this heading when I don't have much to say lol.

Jackenmen commented 2 years ago

Per the documentation, RPC support is included on a provisional basis and, for security reasons, is bound to 127.0.0.1 without a way to change that, so attack vectors are limited. I don't think we should drop RPC before we switch to something else (e.g. ZMQ).
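
One way to verify the loopback-only binding mentioned in the last comment, as an added example that is not part of the thread or of Red's code: it parses Linux `/proc/net/tcp` text and reports any listener on a given port that is not bound to a loopback address. The sample table and the port number 6133 are constructed assumptions.

```python
import ipaddress
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (not captured from a real host).
# local_address is a hex IPv4 address in little-endian byte order (x86 hosts assumed),
# followed by ":" and the hex port. State 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:17F5 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0100007F:17F5 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

LISTEN = "0A"


def listeners(proc_net_tcp):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16)))
    return found


def exposed_listeners(proc_net_tcp, port):
    """Return bind addresses for `port` that are not loopback (e.g. 0.0.0.0)."""
    return [
        ip
        for ip, p in listeners(proc_net_tcp)
        if p == port and not ipaddress.ip_address(ip).is_loopback
    ]


if __name__ == "__main__":
    # On a real host, pass open("/proc/net/tcp").read() instead of the sample.
    # IPv6 listeners live in /proc/net/tcp6 and need a separate check.
    rpc_port = 6133  # assumed port for this example
    bad = exposed_listeners(SAMPLE_PROC_NET_TCP, rpc_port)
    print("loopback only" if not bad else "exposed on: " + ", ".join(bad))
```

A loopback-only result rules out remote connections to the port; other processes on the same host can still reach it.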