[chris121]

Of course having more people to approve updates is better than fewer people to approve updates, but that's not a solution for the problem.

then we will wait for @Arbiter to respond. I am out of my depths here.

 

[red]

I do not support, malicious things can and probably will be done if this system gets passed.

 

[derk]

Of course having more people to approve updates is better than fewer people to approve updates, but that's not a solution for the problem.

One might even debate that point. The more people that have access to pushing bots, the bigger the security risk. People might get hacked, so that people have access to the bot pushing process. And it's harder to manage if security leaks appear to find out who's responsible.

 

[savior]

One might even debate that point. The more people that have access to pushing bots, the bigger the security risk. People might get hacked, so that people have access to the bot pushing process. And it's harder to manage if security leaks appear to find out who's responsible.

Good point. Also, Arbiter is pretty much never here, Cloud outsourced the approving job to Slash, so he could do other client work i suppose. So atm we have 1 person who actively pushes bots. I would say at least 4-5 are needed for a fluent approval rate, that means we need about 4 more people to approve bots.

 

[chris121]

Good point. Also, Arbiter is pretty much never here, Cloud outsourced the approving job to Slash, so he could do other client work i suppose. So atm we have 1 person who actively pushes bots. I would say at least 4-5 are needed for a fluent approval rate, that means we need about 4 more people to approve bots.

doesnt sound good.

 

[savior]

doesnt sound good.

Exactly

 

[chris121]

Exactly

as a scripter would this be putting alot of stress on you and make you feel less bothered to fix things?

like from your point of view how does it effect you?

 

[savior]

as a scripter would this be putting alot of stress on you and make you feel less bothered to fix things?

like from your point of view how does it effect you?

As a bot author and a human being it happens every now and then that a bug slips into my code that i always fix as soon as possible. I usually fix the bot and push a fix within like 30 minutes after noticing the bug. It's incredibly annoying to get bug reports although I already fixed that very bug, while waiting for my update to be approved.

 

[graffiti]

I understand this 100% from your prespective but what is going to happen when someones scripter account gets hacked or just decides that its a good idea to add in malicious code parts and end up doing really bad stuff? Its not only the scripters reputation which gets killed also runemate as a whole bot for incompetence. I think the only thing what can be done here is recruit more people so updates are pushed more frequently.

 

[savior]

I understand this 100% from your prespective but what is going to happen when someones scripter account gets hacked or just decides that its a good idea to add in malicious code parts and end up doing really bad stuff? Its not only the scripters reputation which gets killed also runemate as a whole bot for incompetence. I think the only thing what can be done here is recruit more people so updates are pushed more frequently.

The more people you have to approve updates, the higher the chance that one of those get hacked and malicious code is pushed through

 

[graffiti]

The more people you have to approve updates, the higher the chance that one of those get hacked and malicious code is pushed through

so its a dead circle. the more people you have to approve updates, the higher chance that malicious code gets pushed in. and at the same time if you give premium authors free will to push updates with no delay to their scripts, also higher change that the code gets pushed in.


Where exactly do you see the solution to this problem then?

 

[savior]

so its a dead circle. the more people you have to approve updates, the higher chance that malicious code gets pushed in. and at the same time if you give premium authors free will to push updates with no delay to their scripts, also higher change that the code gets pushed in.


Where exactly do you see the solution to this problem then?

Like I said in OT, give selected premium authors the privilege to release updates without having to wait on approval. Premium authors should be trusted enough for this.

 

[chris121]

Like I said in OT, give selected premium authors the privilege to release updates without having to wait on approval. Premium authors should be trusted enough for this.

If I was the main guy that owned runemate, I would have premium scripts for most skills that are rental type scripts that would benefit the author + runemate would get its money from clients using their software which already happens. really fucking good scripts. I would probably implement this idea of yours savoir, It isn't for us to decide though unfortunately. we have to respect this. only time will tell.

 

[arbiter]

I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.

 

[mew]

I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.

Is this a reference to RSBuddy?

 

[savior]

alright i guess the case is settled. like i said earlier, by letting users push through bots without approval you're always going to have a security risk to take. However if that's not an option, i suppose we can't really blame the executives for that decision.

 

[jonesy]

Just more people who can push updates will help hugely with getting bots out quickly. Just get a few more trusted people to approve bots and the bots improve hugely, as updates could be pushed asap

 

[jjordan2]

I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.

Maybe I'm missing something but any bot that isn't using TCP/UDP or making HTTP(S) calls should be fine security wise and it's not hard to automatically look for those calls in bytecode/source and if it is using that functionality (say for dynamic signatures or w/e) just have it be manually cleared by a human.

 

[fire]

Maybe I'm missing something but any bot that isn't using TCP/UDP or making HTTP(S) calls should be fine security wise and it's not hard to automatically look for those calls in bytecode/source and if it is using that functionality (say for dynamic signatures or w/e) just have it be manually cleared by a human.

A bot author could add a hidden feature that runs at a specific time and date, that makes bots withdraw all their items from the bank and trade them to the bot author's account.

Code review is a must.

 

[jonesy]

A bot author could add a hidden feature that runs at a specific time and date, that makes bots withdraw all their items from the bank and trade them to the bot author's account.

Code review is a must.

Could they just make any bot running on runemate not be able to make such calls surely that is possible. Bots do not need to make HTTP calls, unless they have online stats which many don't. Removing this ability will allow scripts to be updated anytime, and people will not need to fear getting hacked/leaked.