It would be nice to have the manual review removed or at least replaced by some sort of automated system. I know it's for precautionary measures, but it is so annoying and usually takes over one or two hours to even get an update out, even if it's just a simple hotfix. Super tedious and I get why it's in place, but I don't think it's necessary - we have moderators and a report system in place so this type of thing isn't required, plus we usually have a positive community.

We had an incident a few weeks ago where an executable ridden with Russian malware was uploaded, and was downloaded by a few people. A reactive approach didn't work because there was around a large period where the file was reported and action was taken.

Additionally, we've had problems in the past where script modifications have had behavior that has been verging on unwanted.

 

Since reactive doesn't work, we're switching to a proactive approach -- anything that contains executable files now goes through a security check process. Eventually, this will go through VirusTotal and VM analysis automatically.

We're still working on the system, so whilst data is being collected and stuff is being tuned, all executables will go through a manual review.

44 minutes ago, Cyan said:

We had an incident a few weeks ago where an executable ridden with Russian malware was uploaded, and was downloaded by a few people. A reactive approach didn't work because there was around a large period where the file was reported and action was taken.

Additionally, we've had problems in the past where script modifications have had behavior that has been verging on unwanted.

 

Since reactive doesn't work, we're switching to a proactive approach -- anything that contains executable files now goes through a security check process. Eventually, this will go through VirusTotal and VM analysis automatically.

We're still working on the system, so whilst data is being collected and stuff is being tuned, all executables will go through a manual review.

Do you mind if I ask which one that was? Just curious as to whether or not I downloaded it.

48 minutes ago, Cyan said:

We had an incident a few weeks ago where an executable ridden with Russian malware was uploaded, and was downloaded by a few people. A reactive approach didn't work because there was around a large period where the file was reported and action was taken.

Additionally, we've had problems in the past where script modifications have had behavior that has been verging on unwanted.

 

Since reactive doesn't work, we're switching to a proactive approach -- anything that contains executable files now goes through a security check process. Eventually, this will go through VirusTotal and VM analysis automatically.

We're still working on the system, so whilst data is being collected and stuff is being tuned, all executables will go through a manual review.

I understand but from my perspective as I am a developer that tries to get stuff out to the community as fast as possible it's now quite hard to do that. I think the scans is a great idea, but I wish this wasn't the alternative, but what can you do I guess. Thank you.

6 hours ago, Cyan said:

We had an incident a few weeks ago where an executable ridden with Russian malware was uploaded, and was downloaded by a few people. A reactive approach didn't work because there was around a large period where the file was reported and action was taken.

Additionally, we've had problems in the past where script modifications have had behavior that has been verging on unwanted.

 

Since reactive doesn't work, we're switching to a proactive approach -- anything that contains executable files now goes through a security check process. Eventually, this will go through VirusTotal and VM analysis automatically.

We're still working on the system, so whilst data is being collected and stuff is being tuned, all executables will go through a manual review.

 

Just curious what the actual manual review process entails? Is it simply a virus scan on the reviewers computer? I only ask because you mentioned other plugins that borderline unwanted behavior and Ive been working on a web socket addition to Computer+ and I'd like to know if there are plans for tighter rules on what plugins are allowed to do. 

6 hours ago, ToastinYou said:

I understand but from my perspective as I am a developer that tries to get stuff out to the community as fast as possible it's now quite hard to do that. I think the scans is a great idea, but I wish this wasn't the alternative, but what can you do I guess. Thank you.

I understand, if you think that the approval process has taken a bit or you are having an issue with the system in general feel free to PM me and I can take a look. That goes for anyone else too.

31 minutes ago, ainesophaur said:

 

Just curious what the actual manual review process entails? Is it simply a virus scan on the reviewers computer? I only ask because you mentioned other plugins that borderline unwanted behavior and Ive been working on a web socket addition to Computer+ and I'd like to know if there are plans for tighter rules on what plugins are allowed to do. 

We do some basic check on VirusTotal. If anything comes up or is otherwise suspicious we may do a deeper analysis in a controlled environment to see what's going on. The behavior you described is fine, we don't have any new rules when it comes to what scripts can do.