[CHORE] Adding to greasyfork #132
Comments
|
Interesting, didn't know it autosyncs. The main reason I avoided it was because I figured it would have to be a standalone thing, be separately managed, and doesn't provide proper support channels and stuff to actually keep track of the codebase in a standardized manner. Also got turned off by the ad spam, hahah. I agree that it helps users "find" the tool through their manager and sync. |
|
One thing I'd like to pick your brain about is, would this open up the possibility of increased ambiguity with unsanctioned, potentially harmful copycat scripts? What if someone creates a malicious KES clone and posts it on greasyfork under a similar name? What's to stop users from inadvertently finding that one when browsing through their extension search menu? If we could say, "official KES sanctioned by the KES team is only available at this GitHub repository," it might allow us to skirt this issue, since anything on greasyfork or other userscript pages would be de facto not the sanctioned version. What I'm getting at here is there is basically no "filter" with userscript pages, it's just a collection of scripts and it's caveat emptor for the user. Whereas it should be a lot harder to make a malicious repository. Figured I should elaborate on that here, since that's at least part of what went into my decision to prefer a git repository with standardized entry point page. I think we could also look at the possibility of checksums. Although not every user is liable to use them, at least we can point to a single source of truth and say, the X.X.X release has the checksum YYYY, anything else is invalid. For starters, I'll go ahead and use the GitHub releases feature to link releases to a specific tag, and list the checksums there. |
What if you don't post it to Greasy Fork, and someone else does? Better to protect the project name. |
|
I'm totally open to whatever you guys wanna do, just throwing out fringe scenarios to do defensive design, as is my wont. |
|
Since there's always gonna be a risk of malicious actors, I agree with @JasonMaloney, I think we should beat them to the punch. That way, when you search for KES on greasyfork, it'd be the first thing that comes up. I like the idea of checksums, that'd be nice for people who are a bit more worried about what they're installing. |
|
Well, I went ahead to set up the official account and encountered this:
This applies for all of the external requires. Rationale is described here: https://greasyfork.org/en/help/external-scripts
|
Since greasyfork is generally the main place to get userscripts for kbin, it'd be a good idea to get it posted on there. You can set up the greasyfork page to sync with this repo to automatically handle updates. It could also help get a little bit of the load off of GitHub when people install it or update
kes.user.js, but all of the mods would still have to be loaded from GitHub.We could also set up the mods as library scripts on greasyfork (also synced with the files here), which could open up this up to being more of a standard API for kbin addon packs (and further reduce the load on GitHub as well), but that's a bit of a crazy idea.
The text was updated successfully, but these errors were encountered: