- Joined
- May 27, 2016
- Messages
- 745
Of course having more people to approve updates is better than fewer people to approve updates, but that's not a solution for the problem.
then we will wait for @Arbiter to respond. I am out of my depths here.
By registering with us, you'll be able to discuss, share and private message with other members of our community.
Sign up now!Of course having more people to approve updates is better than fewer people to approve updates, but that's not a solution for the problem.
One might even debate that point. The more people that have access to pushing bots, the bigger the security risk. People might get hacked, so that people have access to the bot pushing process. And it's harder to manage if security leaks appear to find out who's responsible.Of course having more people to approve updates is better than fewer people to approve updates, but that's not a solution for the problem.
Good point. Also, Arbiter is pretty much never here, Cloud outsourced the approving job to Slash, so he could do other client work i suppose. So atm we have 1 person who actively pushes bots. I would say at least 4-5 are needed for a fluent approval rate, that means we need about 4 more people to approve bots.One might even debate that point. The more people that have access to pushing bots, the bigger the security risk. People might get hacked, so that people have access to the bot pushing process. And it's harder to manage if security leaks appear to find out who's responsible.
Good point. Also, Arbiter is pretty much never here, Cloud outsourced the approving job to Slash, so he could do other client work i suppose. So atm we have 1 person who actively pushes bots. I would say at least 4-5 are needed for a fluent approval rate, that means we need about 4 more people to approve bots.
Exactlydoesnt sound good.
Exactly
As a bot author and a human being it happens every now and then that a bug slips into my code that i always fix as soon as possible. I usually fix the bot and push a fix within like 30 minutes after noticing the bug. It's incredibly annoying to get bug reports although I already fixed that very bug, while waiting for my update to be approved.as a scripter would this be putting alot of stress on you and make you feel less bothered to fix things?
like from your point of view how does it effect you?
The more people you have to approve updates, the higher the chance that one of those get hacked and malicious code is pushed throughI understand this 100% from your prespective but what is going to happen when someones scripter account gets hacked or just decides that its a good idea to add in malicious code parts and end up doing really bad stuff? Its not only the scripters reputation which gets killed also runemate as a whole bot for incompetence. I think the only thing what can be done here is recruit more people so updates are pushed more frequently.
so its a dead circle. the more people you have to approve updates, the higher chance that malicious code gets pushed in. and at the same time if you give premium authors free will to push updates with no delay to their scripts, also higher change that the code gets pushed in.The more people you have to approve updates, the higher the chance that one of those get hacked and malicious code is pushed through
Like I said in OT, give selected premium authors the privilege to release updates without having to wait on approval. Premium authors should be trusted enough for this.so its a dead circle. the more people you have to approve updates, the higher chance that malicious code gets pushed in. and at the same time if you give premium authors free will to push updates with no delay to their scripts, also higher change that the code gets pushed in.
Where exactly do you see the solution to this problem then?
Like I said in OT, give selected premium authors the privilege to release updates without having to wait on approval. Premium authors should be trusted enough for this.
Is this a reference to RSBuddy?I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.
I'm open to exploring the option to allow more people, namely @Party and @Aidden, to push bots through. I'm, however, not open to considering any code be published without a review process. I've seen too many good people do bad things in my last decade in this scene to gamble the accounts of those who trusted me with them.
Maybe I'm missing something but any bot that isn't using TCP/UDP or making HTTP(S) calls should be fine security wise and it's not hard to automatically look for those calls in bytecode/source and if it is using that functionality (say for dynamic signatures or w/e) just have it be manually cleared by a human.
Could they just make any bot running on runemate not be able to make such calls surely that is possible. Bots do not need to make HTTP calls, unless they have online stats which many don't. Removing this ability will allow scripts to be updated anytime, and people will not need to fear getting hacked/leaked.A bot author could add a hidden feature that runs at a specific time and date, that makes bots withdraw all their items from the bank and trade them to the bot author's account.
Code review is a must.
We use essential cookies to make this site work, and optional cookies to enhance your experience.