from @NVAccess about the add-on store
"Hi everyone,
We've had some questions lately around responsibility for the quality and safety of add-ons in the NVDA add-on store, so we wanted to address that:
What is NV Access’s responsibility for the quality and safety of add-ons in the store?
This is an important question, and among some people there seems to be a significant misunderstanding about the role of the Add-on Store. The accusation that we failed to properly vet an add-on is based on a mistaken premise of what the store is for. The Add-on Store is a repository for community-created content, not a curated collection of NV Access-certified software. Our philosophy is similar to the classic Unix approach: we don't prevent people from doing potentially stupid things, because that would also prevent them from doing clever things. This is similar to the approach taken by other add-on stores, including browsers such as the Chrome and Firefox add-on stores and platforms such as the Windows and Android app stores.
To act as a Quality Control gatekeeper for every add-on, by testing every feature and judging its code quality, would be a massive overreach of developer freedom. Ironically, that is precisely the very kind of top-down control we have recently been accused of.
Like those previously mentioned add-on stores, we do perform automated security checks on all submissions. This includes static code analysis and running submissions through VirusTotal to screen for known malware. To date, no known malicious add-ons have been submitted to the store. The recent add-on that sparked discussion was simply broken and poorly coded.
As we state clearly in our documentation and in warnings within NVDA itself, add-ons from the store are used at your own risk. The responsibility for ensuring an add-on works correctly and comes from a trustworthy author ultimately lies with the user who chooses to install it.
While we stand by the principle of developer freedom, we also recognise that the current model is not ideal for user security in the long term. That is precisely why we have been working for some time on a major engineering effort: to create a secure add-on runtime. This is a complex, long-term project that will fundamentally change how add-ons interact with NVDA, allowing them to run in a more isolated and secure environment. This will provide a much stronger safety net for users without requiring us to manually vet the quality of every single community creation."
@NVAccess Clarification about the sandbox for Add-ons
Sean Budd (NV Access)
The new runtime will be optional. We have no plans to restrict the current add-on system; this is just to give NVDA users and add-on developers the option of a more stable and trustworthy add-on system. As an open source project, and as per our product vision, NVDA will always be freely modifiable, including insecure, custom add-ons. Our license prevents us from ever becoming closed source. Add-ons have never been manually approved or vetted in detail by NV Access.
Based on our performance testing, the secure add-on runtime has no noticeable negative performance impacts. The new runtime will have a stable API, meaning less long-term maintenance for add-on developers. While anything has the potential for vulnerabilities, as usual, we will be responsive in fixing any found exploits in the new runtime. However, given our sandboxing methods it will be much more difficult to create a malicious add-on than in the current add-on system. We expect the new runtime to be secure, fast and trustworthy.