[primaeval]

Fully agree. Check the source code, if it's obfuscated in any way then the author has something to hide. And I don't agree with any rubbish about wanting to protect their code. That's exactly the opposite of open-source.

The thing is until 17.0 comes out there is no warning that the repo/addon you are adding has any potential dangers. If your wife/kids/parents are using a computer you installed Kodi on, how are they to know what addons are dangerous. Can your wife/girlfriend/mother read Python? I bet a print statement looks obfuscated to them.

Good point. They might accidentally install an add-on from one of the dodgy repo's I use. Because obviously I install loads of repositories from sources I don't trust.
Oh, hang on...

They can just as easily find a repo linked from a Youtube video as an addon with no indication from Kodi that it could be a problem.

Even your pristine repos might contain addons that accidentally mess up your file system as there are no restrictions on the addons permissions, as we have been talking about earlier.

[primaeval]

The thing is until 17.0 comes out there is no warning that the repo/addon you are adding has any potential dangers. If your wife/kids/parents are using a computer you installed Kodi on, how are they to know what addons are dangerous. Can your wife/girlfriend/mother read Python? I bet a print statement looks obfuscated to them.

No they can't. Which is why I would never install a third-party repo for them to download add-ons from. If they needed anything from a third party, I'd get it in zip form, check it myself and then install from zip.

Look, this is exactly the same as installing software in any operating system. Does anyone really heed the warnings that windows flashes up or do they just blindly click 'yes' and 'install' and then are puzzled as to where these dubious browser toolbars came from ?? Same with Android - some app says it requires root so user roots their device without really understanding what they have just done and installs it.

Whilst I fully understand what a malicious add-on could do, you cannot police people's stupidity and naïvety. It's up to the user to decide whether or not to install something and no matter how many warnings you give and how many hoops you make them jump through to do it, they will still install it.

You can't have freedom of choice in a closed eco-system. Kodi offers a lot of freedom to do with it as you want and I personally don't want that to change because of a minority of idiots.

Its not quite the same with Kodi because you can restrict the app installations at the OS level for your kids but they can install anything in Kodi when it is installed. Even password protecting the user Profile is easy to get around for your average teenager I imagine.

I think Kodi is just too mainstream to blame the users for everything. Just imagine if no-one had taken the initiative in your kids web browser to block dangerous websites? There are a lot of dangerous websites blocked by Firefox/Chrome etc behind the scenes that most people probably don't realise is happening.

[trogggy]

The thing is until 17.0 comes out there is no warning that the repo/addon you are adding has any potential dangers. If your wife/kids/parents are using a computer you installed Kodi on, how are they to know what addons are dangerous. Can your wife/girlfriend/mother read Python? I bet a print statement looks obfuscated to them.

Good point. They might accidentally install an add-on from one of the dodgy repo's I use. Because obviously I install loads of repositories from sources I don't trust.
Oh, hang on...

They can just as easily find a repo linked from a Youtube video as an addon with no indication from Kodi that it could be a problem.

Even your pristine repos might contain addons that accidentally mess up your file system as there are no restrictions on the addons permissions, as we have been talking about earlier.

1. I install anything that's on my system. Nobody else. If you let anybody do what they want without at least educating them to the dangers then it's your fault.
2. Yes, there could be something from a legitimate source that accidentally borks things. That's why I have backups.
When a windows update froze my tablet I didn't say 'OMG why am I allowing updates?' I probably said 'Bollocks', and then I restored it.
Using any software without thinking can cause problems. That shouldn't be news to anyone.

[primaeval]

Ok. So if nobody wants to change anything, what is the feasibility/legality of keeping a database of unofficial addons that trusted users can flag the safety/dangers of the addons with version numbers?
No linking, just an MD5 of the zip or something to verify it.
I think Lunatixz was suggesting something like this.

I am thinking something similar to the Dutch Drug Testing Service rather than the War On Drugs or complete denial that they exist.

[Koying]

Once again, Addons run with Kodi's permission.
Having a plain app as Kodi allowed to changed your HOST file is a sign of bad configuration in the first place, so the addon debate is moot, here.

[primaeval]

Once again, Addons run with Kodi's permission.
Having a plain app as Kodi allowed to changed your HOST file is a sign of bad configuration in the first place, so the addon debate is moot, here.

There are still a lot of places an addon can access from a limited user account: browser password databases for instance.

[trogggy]

Ok. So if nobody wants to change anything, what is the feasibility/legality of keeping a database of unofficial addons that trusted users can flag the safety/dangers of the addons with version numbers?
No linking, just an MD5 of the zip or something to verify it.
I think Lunatixz was suggesting something like this.

I am thinking something similar to the Dutch Drug Testing Service rather than the War On Drugs or complete denial that they exist.

It's feasible, but it's not feasible to do it via this site - as most of the add-ons you're presumably meaning are banned here. Even linking to such a database wouldn't be possible - as far as I can see - unless things changed.

[primaeval]

Ok. So if nobody wants to change anything, what is the feasibility/legality of keeping a database of unofficial addons that trusted users can flag the safety/dangers of the addons with version numbers?
No linking, just an MD5 of the zip or something to verify it.
I think Lunatixz was suggesting something like this.

I am thinking something similar to the Dutch Drug Testing Service rather than the War On Drugs or complete denial that they exist.

It's feasible, but it's not feasible to do it via this site - as most of the add-ons you're presumably meaning are banned here. Even linking to such a database wouldn't be possible - as far as I can see - unless things changed.

There is a list of banned addons here, so they could just have an annotation of why: illegal content, obfuscated code etc.

I am not just thinking of banned illegal addons, but beta developer addons and ones that don't have all the criteria for submission here completed: like language files etc.

[trogggy]

Ok. So if nobody wants to change anything, what is the feasibility/legality of keeping a database of unofficial addons that trusted users can flag the safety/dangers of the addons with version numbers?
No linking, just an MD5 of the zip or something to verify it.
I think Lunatixz was suggesting something like this.

I am thinking something similar to the Dutch Drug Testing Service rather than the War On Drugs or complete denial that they exist.

It's feasible, but it's not feasible to do it via this site - as most of the add-ons you're presumably meaning are banned here. Even linking to such a database wouldn't be possible - as far as I can see - unless things changed.

There is a list of banned addons here, so they could just have an annotation of why: illegal content, obfuscated code etc.

I am not just thinking of banned illegal addons, but beta developer addons and ones that don't have all the criteria for submission here completed: like language files etc.

I'm not saying it's a bad idea - but I'd be very surprised if it happened on this site. What you're doing is making a list of 'safe' add-ons that break the piracy rules here (amongst others). You may as well write 'hint hint' under the list.

[primaeval]

It's feasible, but it's not feasible to do it via this site - as most of the add-ons you're presumably meaning are banned here. Even linking to such a database wouldn't be possible - as far as I can see - unless things changed.

There is a list of banned addons here, so they could just have an annotation of why: illegal content, obfuscated code etc.

I am not just thinking of banned illegal addons, but beta developer addons and ones that don't have all the criteria for submission here completed: like language files etc.

I'm not saying it's a bad idea - but I'd be very surprised if it happened on this site. What you're doing is making a list of 'safe' add-ons that break the piracy rules here (amongst others). You might as well write 'hint hint' under the list.

I know what you mean but if you take the drugs analogy, the Portuguese decriminalization and education policy has been a success and is being looked at as a model around the world.

If you know an addon is dangerous and illegal hopefully you will think twice about using/paying for a legal/better option.

Don't you just want something more when you aren't allowed to even mention it?

[trogggy]

There is a list of banned addons here, so they could just have an annotation of why: illegal content, obfuscated code etc.

I am not just thinking of banned illegal addons, but beta developer addons and ones that don't have all the criteria for submission here completed: like language files etc.

I'm not saying it's a bad idea - but I'd be very surprised if it happened on this site. What you're doing is making a list of 'safe' add-ons that break the piracy rules here (amongst others). You might as well write 'hint hint' under the list.

I know what you mean but if you take the drugs analogy, the Portuguese decriminalization and education policy has been a success and is being looked at as a model around the world.

If you know an addon is dangerous and illegal hopefully you will think twice about using/paying for a legal/better option.

Don't you just want something more when you aren't allowed to even mention it?

I'm not giving my opinion on the policy, just my view that your proposed database would drive a coach and horses through it. It's not something that really bothers me, as I don't use anything that I'd consider to be risky. But from a practical point of view any database is only useful if people actually know about it. All the stuff you've written about you-tube, teenagers, uneducated users etc would still apply, only a tiny minority (who aren't really in an at-risk group anyway) would even be aware of it. The people come here when they have a problem and don't even notice all the stuff about banned add-ons before asking why their Sky Sports isn't working aren't going to be checking it.

[primaeval]

I'm not saying it's a bad idea - but I'd be very surprised if it happened on this site. What you're doing is making a list of 'safe' add-ons that break the piracy rules here (amongst others). You might as well write 'hint hint' under the list.

I know what you mean but if you take the drugs analogy, the Portuguese decriminalization and education policy has been a success and is being looked at as a model around the world.

If you know an addon is dangerous and illegal hopefully you will think twice about using/paying for a legal/better option.

Don't you just want something more when you aren't allowed to even mention it?

I'm not giving my opinion on the policy, just my view that your proposed database would drive a coach and horses through it. It's not something that really bothers me, as I don't use anything that I'd consider to be risky. But from a practical point of view any database is only useful if people actually know about it. All the stuff you've written about you-tube, teenagers, uneducated users etc would still apply, only a tiny minority (who aren't really in an at-risk group anyway) would even be aware of it. The people come here when they have a problem and don't even notice all the stuff about banned add-ons before asking why their Sky Sports isn't working aren't going to be checking it.

What I would love to see is if the user tries to install an addon, Kodi checks its MD5 with the full addon database and gives a dialog to say "This addon has been flagged as illegal/dangerous/untested. Kodi takes no responsibility for you installing this addon? Enter your name and social security number to proceed:".
"ps. We gave your ip to the NSA/MAFIAA too. "

At least then you would know if it is a completely unknown addon or just an illegal or unfinished one.

[trogggy]

What I would love to see is if the user tries to install an addon, Kodi checks its MD5 with the full addon database and gives a dialog to say "This addon has been flagged as illegal/dangerous/untested. Kodi takes no responsibility for you installing this addon? Enter your name and social security number to proceed:".
"ps. We gave your ip to the NSA/MAFIAA too. "

At least then you would know if it is a completely unknown addon or just an illegal or unfinished one.

Yeah, because Team Kodi are going to be checking every update of every dodgy add-on to make sure it's safe for the poor ickle users.

Can't you just take some responsibility for what you install?

[primaeval]

What I would love to see is if the user tries to install an addon, Kodi checks its MD5 with the full addon database and gives a dialog to say "This addon has been flagged as illegal/dangerous/untested. Kodi takes no responsibility for you installing this addon? Enter your name and social security number to proceed:".
"ps. We gave your ip to the NSA/MAFIAA too. "

At least then you would know if it is a completely unknown addon or just an illegal or unfinished one.

Yeah, because Team Kodi are going to be checking every update of every dodgy add-on to make sure it's safe for the poor ickle users.

Can't you just take some responsibility for what you install?

We have been here many times before. I can, but most of the users out there are not clever enough to do that.

Sometimes the strong/clever have to help the weak/uneducated.

[trogggy]

Can't you just take some responsibility for what you install?

We have been here many times before. I can, but most of the users out there are not clever enough to do that.

Sometimes the strong/clever have to help the weak/uneducated.

How incredibly patronising.