Extensions Platform

I don’t think this is such an issue. Since add-ons will be reviewed and open source, I think malicious ones, or just, banally, non-compliant ones, will be spotted by the reviewers. This is also how, for example, Mozilla has ensured a safer extensions environment in Firefox, as opposed to the awfulness of Chrome’s non-moderated/automatic extensions store.

And, again, this is already the status quo. People are downloading add-ons from anywhere and installing them. Only difference is, there are no guidelines and no humans reviewing them.

(As an aside, PyPy offers a Python sandbox. Dunno if it could be of any use for future implementations, or if any better implementation exists…)

I think the problem could be addressed by changing that label to something more informative. You’ll probably prevent questions and complaints once Blender ships, without promising a degree of control that currently cannot be enforced via software. Some proposals:

  • Enable Extensions Platform
  • Allow Extensions Platform Online Connection
  • Allow Blender To Download and Update Extensions
  • Allow Connections To Blender’s Extensions Platform
  • Allow Extensions Online Download
1 Like

I’m doing this already but keep doing it for Blender 4.3 and later since the checkbox we’ll get is not doing anything :slight_smile:

Yes, it will solve a lot of problems if it is called “Enable Blender extensions”.

  • If the user enables the checkbox, a warning should be displayed:
    “Blender and installed extensions can connect to the internet without asking your permission”: “Do you want to give explicit permission?”
    And then it’s up to the user what happens or what the user trusts or not.

  • If the user disables the checkbox, a warning should be displayed:
    “Blender’s connection to the extensions platform is disabled but any installed extensions can still access 3rd party online resources without asking your permission”

But the checkbox should be really renamed because otherwise people will think (like I thought first) that Blender blocks all traffic to the internet for any installed extension if online access is disabled!

I think the number of extensions will become so big that it will be very hard to maintain it. It will be more code than Blender itself after some time and testing all this will need people hired especially for this (since it’s hosted and approved by Blender itself and should be tested very well before accepting an extension).
But on the other hand, it gives users more features and can make Blender also more popular. Maybe some extensions are so good/handy they will make it into Blender’s code. Or maybe they’ll give ideas to the developers for even more features.
Only the future can tell what will happen :slight_smile:

1 Like

It won’t. Removing the addons from default Blender download will make 4.2 about 5MB smaller. Basic browsing of the Extensions website will download more data than that.

I don’t think that’s fair. The checkbox turns off blender itself connecting to the internet. That’s not ‘nothing’. It doesn’t change anything to the fact that addons can call any python code they want, and even call into external programs. But this has always been the case. It would be a good idea to educate naïve users but that doesn’t really have anything to do with the whole extensions discussion. Apart maybe from making people realize it only now.

1 Like

Just to clarify:

This checkbox is not about Python scripts in addons. Those are always able to run, that’s what an addon is. This checkbox is about embedded scripts in the .blend file. And I don’t think there is a way to tell Blender ‘allow scripts added by rigify, but not others’ as there is no way for Blender to know which is which.

edit: This post is about the “Auto Run Python Scripts” checkbox, that CookItOff talked about. It is not about the ‘allow internet’ checkbox. I add this clarification, because it leads to some confusion in the replies to this post.

5 Likes

And in what world is this NOT a security risk?
Edit : rephrasing this a bit.
It should be more known that addons CAN have access to the web when used. Certain asset library addons do this already. Maybe it could be added in the addon’s description.
But it might be good to inform users about this. As most, if not all, functionality of an addon wouldn’t need internet access imho.

Read up on the connecting to the internet issues, some points:

  • The description for “Online access” may need to be re-worded to make it clear this isn’t guaranteed for extensions.
  • The fact that extensions are not blocked from accessing the internet, still means they can be reported for failing to follow policy, so on any given day - popular extensions are unlikely to be ignoring extensions.blender.org policies.
  • Sand-boxing Python is a non-starter, the resulting Python environments tend to be so constrained as to be useless for most extensions. As has already been mentioned, it may be simpler to sandbox Blender itself, although this depends on the underlying platform.
  • From the systems I’ve used - having 3rd party packages perform unauthorized internet access tends not to be a problem, not to diminish the concern. I’d put this in a similar category as malicious code - while it can’t be prevented entirely this is something that needs to be managed & re-evaluated if it’s not working well.
11 Likes
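
An added illustration, not part of any post in this thread and not tooling from Blender or extensions.blender.org: since extensions are not blocked from network access at runtime, a reviewer can at least statically flag add-on source that imports network or process-spawning modules. The watch lists, function names and sample add-on source are assumptions constructed for this example.

```python
import ast

# Assumed watch lists for this example; not an official policy list.
NETWORK = {"socket", "ssl", "urllib", "http", "ftplib", "smtplib", "requests"}
PROCESS = {"subprocess", "ctypes"}
DYNAMIC_CALLS = {"__import__", "import_module", "exec", "eval"}
SHELL_CALLS = {"system", "popen"}


def _classify(name):
    root = name.split(".")[0]
    return "network" if root in NETWORK else "process" if root in PROCESS else None

def scan_source(source, filename="<addon>"):
    """Return sorted (line, kind, detail) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            kind = _classify(name)
            if kind:
                findings.add((node.lineno, kind, name))
        if isinstance(node, ast.Call):
            called = getattr(node.func, "id", None) or getattr(node.func, "attr", None)
            if called in DYNAMIC_CALLS:
                findings.add((node.lineno, "dynamic", called))
            elif called in SHELL_CALLS:
                findings.add((node.lineno, "process", called))
    return sorted(findings)


# Constructed sample add-on source, for illustration only.
SAMPLE_ADDON = '''\
import bpy
import urllib.request
from subprocess import run

def register():
    mod = __import__("so" + "cket")
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_ADDON):
        print(finding)
```

The "dynamic" finding on the last sample line marks a module name built at runtime, which the scan can flag but not resolve; the output is a set of hints for a human reviewer, not an enforcement mechanism.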

Correct. I was merely trying to show a correlation between the two and the known risk of running random add-ons. Good to know about not being able to target specific addons though. Thanks.

1 Like

“May” is not a strong enough word. If a website gives the user the option to reject cookies but uses cookies anyway, this is illegal. If an app has an email signup with a checkbox for “do not send me marketing emails” and then sends marketing emails, this is illegal. If a software package has a checkbox for “online access” that does nothing to curtail online access, that is illegal. It doesn’t matter if add-ons can access the internet, but the messaging around that matters very much.

The Foundation is currently piloting a direct course into a crippling lawsuit that could very well end Blender development through legal costs. Flag this if you want, I know it’s not a popular take, but you have to understand the legal peril you are putting yourselves in here

2 Likes

IANAL/TINLA, pls keep in mind that this isn’t just “my country’s laws are global default”. So many nations / supranational unions have similar (Amsterdam was part of the founding of the EU, yes?) that this is a potential disaster. I strongly advise getting legit legal opinions on the wording and updating the descriptions.

1 Like

You’re getting flagged because of how you carry yourself, not the message you are trying to get across, kindly take it down a few notches.

8 Likes

I have a question surrounding developing extensions:

With legacy addons, you could create a symlink from a development directory into the Blender scripts/addons folder. Then it would show up in the addon list, and you could enable it from the UI, or with an operator.

This is how the vscode blender development extension by @jacqueslucke works, so it would be good to keep this workflow.

However, when creating a symlink into the new extensions directory, it shows up as “missing”:
[image]

This error isn’t very informative, and looking into the code hasn’t helped understand the mechanism that’s causing it.

Is there a way to use symlinks with the new system, or does the addon need to be reinstalled each time?

It’s not reasonable to expect users to delineate what “is blender”, and what is “part of blender, but not blender” in this way.

1 Like

The Foundation is currently piloting a direct course into a crippling lawsuit that could very well end Blender development through legal costs.

I’m not super informed, but I thought this was all about an auto update, or something similar enough. What would make even the most worn out of armchair’s “lawyer” entertain the idea of filing a lawsuit over it? What is the issue here?

What part of that didn’t answer your question? :thinking:

1 Like

I mean an actual reason. Not, “Technically, the wording of that checkbox may be correct, but could perhaps not reveal the entirety of the user’s ability to install third party addons that do not respect said checkbox”

That isn’t lawsuit material, especially not the type that goes anywhere.

1 Like

The issue is that even when this checkbox is OFF, extensions are still allowed to have online access.

2 Likes

It doesn’t have to go anywhere to be expensive to defend against – very, very expensive, such expense paid for out of money donated for Blender development, not legal fees. Could be avoided with some simple rewording – this seems axiomatic to me, I don’t understand why it’s being argued against.

1 Like

By all means, reword it. But don’t act like this is something that would even happen, never mind bankrupt Blender to the point of shutting down development. That’s what I am saying, and why I asked if this is about something other than an auto updater. Seems like it is what it appeared to be so far.

2 Likes

Yes, of course we should – that’s fundamentally necessary to prevention efforts. :face_with_diagonal_mouth: