godotengine / godot-asset-library

PHP frontend for Godot Engine's asset library
https://godotengine.org/asset-library
MIT License
294 stars 98 forks source link

Proposal - Reverse submission work-flow #93

Open brandonlamb opened 8 years ago

brandonlamb commented 8 years ago

Instead of creating a bottleneck with moderators/approvers, what if when an asset was submitted it was automatically available.

At that point it could show as "community" supported, and then the testing support can be added once a moderator/approver tests out the asset.

You could possibly ping github to validate/verify the repo as required (some kind of spam protection?).

bojidar-bg commented 8 years ago

@akien-mga I'm thinking... what if we expose a "testing API", which would allow everyone to get "bleeding edge" versions by autoapplying all edits on demand (and disabling SHA protections). Wouldn't this solve issues such as this one and #94?

brandonlamb commented 8 years ago

Possibly. I guess I was questioning do you really want to be in the business of having to review every single submission and edit. Is that maintainable if this really takes off?

The reverse could be allowing users to feel safe by filtering/downloading "curated" (moderated) assets, while still being able to download "uncurated" which havent been reviewed/tested yet.

Or allow the community to do this via ratings or "as a user, i verify this worked for me".

akien-mga commented 8 years ago

Well it's not about checking that assets work, it's about security. We don't want Godot to be a major security vulnerability, where malicious content could be installed on the machines of our users via the assetlib. With the way the assetlib works (allowing you to download the contents of any public git repo), it's trivial to ship a malicious binary and have it executed automatically by Godot using os.execute().

This is also way we validate all approved zip archives with their sha256 sum.

brandonlamb commented 8 years ago

I'm not passionate enough about this topic to argue one way or another but would ask the question, isn't it as possible to download an npm module that does the same? Does someone review all npm modules submitted? Any shared code can potentially harmful code.

Does unity review all source code of submitted user assets (maybe they do)?

vnen commented 7 years ago

I think it's possible to do a "caveat user", wash our hands a bit and do the reverse approach: banning malicious content. However, we need to make sure the submission process can't be too automated to avoid bots filling the asset lib with bad content. If account and asset creation are manual and we enable GitHub hooks to just auto-update the assets, I believe it is manageable. (I assume the other providers have a similar function).

At one point there might be too much stuff to manually moderate, making the process itself less reliable anyway.

Just my 2 cents.

arypbatista commented 7 years ago

I would suggest: let's continue with the manual-moderation approach but let the community have access to the listings through a REST API: { name, version, url }

kjcasey commented 7 years ago

Just used the reverse-submission work flow to manually moderate a few nasty sounding (curated) bugs that had been promoted to high status. That should buy me at least another 24 hour life-cycle. Thanks to all the coding contributors! You rock on!

mhilbrunner commented 7 years ago

I think your time would be better spent elsewhere, working on Godot, rather than looking at asset submissions - sure, ban reported malicious stuff, but GitHub doesn't screen public repos, neither does any package repository I know of. (pip? npm?)

Developers have to do due diligence when including a third party dependency anway:

Is it working? Is it secure? Is it maintained? Is it maintainable?

That should not be your job. You can recommend (curate) assets, but you should not aim to be the gatekeeper of every available asset.

Now, if, at some point, assets are available for money on the Asset Library and you get a cut of the profit, sure, moderate away. :)

Edit: Seeing as there is a "cost" filter on the Asset Library, I seem to have missed that this may already be the case, even if most (all?) currently available assets are free. In that case, moderate assets with price > 0?

willnationsdev commented 6 years ago

@mhilbrunner

Developers have to do due diligence when including a third party dependency anway...That should not be your job. You can recommend (curate) assets, but you should not aim to be the gatekeeper of every available asset.

Preach it man~ ;-)

Calinou commented 6 years ago

What about automatically approving assets submitted by users who already have at least one asset approved?

willnationsdev commented 6 years ago

@Calinou At a bare minimum, I'd think that should work.

follower commented 5 years ago

Developers have to do due diligence when including a third party dependency anway:

I think it's worth keeping in mind that--in the context of Godot--"developers" includes e.g. less technical/experienced people such as designers and kids/teens coding their first game and therefore less able to evaluate code.

Another factor is the stated desire to keep the Godot core minimal and have standard practice be to require some functionality to be installed separately.

In addition, with any sort of package hosting system IMO it's pretty much inevitable that a malicious/damaging package submission will appear or be attempted--whether that's due to mistake, purposefully or due to a security breach. And if it's an open source project there's probably an issue just like this one that gets pointed to as a result. :)

I agree that it would be nice if the core developers were freed from doing review work but would there be enough other community members to step up to form a review team?

If such an event is "inevitable" I think it's worthwhile to consider these questions in relation to the topic:

  1. What process/precautions can be put in place to be prevent such an occurrence?
  2. How will damage be reversed/fixed/prevented should such an event occur?
  3. What will be the cost/impact of such an event on the project?