Sorry to raise this question about a feature that offers so many benefits to users, but what certainty can I have that a plugin that I download from the plugin store won't trash my Family Historian data or other data on my computer?
I see that if I submit a plugin, I have to promise not to do anything harmful, but even experienced software developers inadvertently introduce bugs, and of course anyone with a malicious intent can simply lie.
ID:6079
* Using plugins safely
-
tatewise
- Megastar
- Posts: 28410
- Joined: 25 May 2010 11:00
- Family Historian: V7
- Location: Torbay, Devon, UK
- Contact:
Using plugins safely
In the final analysis nothing is certain.
Even Family Historian or Windows itself have sometimes has been known to corrupt things.
If you really are uncomfortable about using Plugins then don't use them.
Always use Plugins on a COPY of your Project before committing to your main Project.
Ensure you have suitable backups of everything, not just the GEDCOM. It is not only software that will corrupt things. Hardware can do it too!
Look at the number of downloads and comments against the Plugin in the Plugin Store before you use it.
Search the Forums using the Plugin Name to see what history of problems and advice it may have generated.
Even Family Historian or Windows itself have sometimes has been known to corrupt things.
If you really are uncomfortable about using Plugins then don't use them.
Always use Plugins on a COPY of your Project before committing to your main Project.
Ensure you have suitable backups of everything, not just the GEDCOM. It is not only software that will corrupt things. Hardware can do it too!
Look at the number of downloads and comments against the Plugin in the Plugin Store before you use it.
Search the Forums using the Plugin Name to see what history of problems and advice it may have generated.
-
redvanman
- Diamond
- Posts: 80
- Joined: 10 Jun 2010 10:51
- Family Historian: V7
- Location: Dalbeattie, Kirkcudbrightshire
Using plugins safely
Tatewise, thanks for your response.
I'm actually a seasoned software engineer, so I understand that nothing is certain. But I also know that it's possible to take precautions against incorrect and rogue software (for example, code inspection, testing, scanning for viruses).
Rephrasing my question then, does Calico Pie do anything of the sort before putting plugins in the store, or is that all down to me as the end user?
When I know the answer, then I will know whether I will be comfortable with using plugins or not.
I'm actually a seasoned software engineer, so I understand that nothing is certain. But I also know that it's possible to take precautions against incorrect and rogue software (for example, code inspection, testing, scanning for viruses).
Rephrasing my question then, does Calico Pie do anything of the sort before putting plugins in the store, or is that all down to me as the end user?
When I know the answer, then I will know whether I will be comfortable with using plugins or not.
-
tatewise
- Megastar
- Posts: 28410
- Joined: 25 May 2010 11:00
- Family Historian: V7
- Location: Torbay, Devon, UK
- Contact:
Using plugins safely
There is a delay between submitting a new Plugin, or an update to a Plugin, before it appears in the Plugin Store, but I do not know what checks Calico Pie performs.
In the typical time lapse, I doubt if Calico Pie do any detailed code reading or testing.
One of the conditions is that Calico Pie require the author to indemnify them against any Plugin side-effects.
What a Plugin can do is somewhat limited by the capabilities of LUA and its various libraries including the FH API.
However, a Plugin could completely delete all your GEDCOM data, and every file that has suitable permissions, and run any program installed on your PC with whatever command line parameters are allowed, and access any Internet API services.
And all designed to happen only on a particular date in the future!
As a seasoned software engineer myself, I understand your points.
Perhaps the less experienced users are relying on us to be responsible and also check out Plugins on their behalf.
LUA code, in case you have not looked, is quite easy to understand, and is an interpreted script, not compiled.
So anyone can code inspect, test, and debug any Plugin.
In the typical time lapse, I doubt if Calico Pie do any detailed code reading or testing.
One of the conditions is that Calico Pie require the author to indemnify them against any Plugin side-effects.
What a Plugin can do is somewhat limited by the capabilities of LUA and its various libraries including the FH API.
However, a Plugin could completely delete all your GEDCOM data, and every file that has suitable permissions, and run any program installed on your PC with whatever command line parameters are allowed, and access any Internet API services.
And all designed to happen only on a particular date in the future!
As a seasoned software engineer myself, I understand your points.
Perhaps the less experienced users are relying on us to be responsible and also check out Plugins on their behalf.
LUA code, in case you have not looked, is quite easy to understand, and is an interpreted script, not compiled.
So anyone can code inspect, test, and debug any Plugin.
-
LornaCraig
- Megastar
- Posts: 3201
- Joined: 11 Jan 2005 17:36
- Family Historian: V7
- Location: Oxfordshire, UK
Using plugins safely
I'd like to add that I personally would be happy to trust anything written by Calico Pie, Jane Taubman, Mike Tate (Tatewise) or Peter Richmond - in other words, almost all of the plugins there at the moment.
Further, any Plugins which were uploaded before the release of V5 have been tested by some of the FH Beta testers. (I know this doesn't mean no bugs will be found in the future, but no catastophic problems have come to light.)
If in the future a lot more plugins are added by other authors I might exercise caution before using them, but I would feel comfortable using any there at the moment.
Further, any Plugins which were uploaded before the release of V5 have been tested by some of the FH Beta testers. (I know this doesn't mean no bugs will be found in the future, but no catastophic problems have come to light.)
If in the future a lot more plugins are added by other authors I might exercise caution before using them, but I would feel comfortable using any there at the moment.