[Greasemonkey] Goals for the user script directory (very long)

Jeremy Dunck jdunck at gmail.com
Fri Apr 8 08:53:27 EDT 2005


On Apr 8, 2005 4:11 AM, Michael Bierman <greasemonkey at thebiermans.net> wrote:
> 2) Improve ability to judge trustworthiness of scripts
> 
> MB> What does this mean? People vote on their favorite scripts?  People can
> leave comments? How do you define trust? How do you measure it?

It means that right now, people have to view source to figure out if a
script isn't going to steal their bank account info, and we should
address this problem.

How we do it is up for discussion, but I think the directory can help
by providing versioning and flagging.  Flags are negative, no flags
over time is positive.  How do I measure it?  I don't; people flag
scripts, and other people review them.

> In order to serve goals 1-4, the directory will need to discover scripts,
> and regular spidering won't be very useful, I think, because there are
> relatively few user scripts, and I'm not sure how to go about finding good
> sources of scripts.
> 
> MB> (see the end of this email for more on this). I think you may be trying
> too hard again.  If you build a really good repository (or directory)
> authors will list their scripts or users of scripts will add them for the
> benefit of other users. 

And they will be able to submit w/ a web form.  But we have a web
here, and it seems handy to use it, too.

> Of course the directory will allow form-post submission of a URL to a script
> so that authors can have a more direct way of discovery.
> 
> MB> Did you mean just the URL? Or the Url, description, mod date, script
> name, more info (optional?),

Just the URL.  No explicit in-script version will be trusted.  The
retrieved script will answer the metadata questions.  Oh, perhaps you
mean that users will want to add metadata to scripts they didn't
write.  Maybe, but I'll wait until someone asks for that.

> MB> I think some of the reasons you want to do versioning (and hashing,
> etc.) are very good--and definitely ambitious.  I still think that some
> people will want to host their own scripts and a simple directory may
> suffice here--but you have raised some good things to think about.

They can host them anywhere, sorry if I wasn't clear.
Basically, how it goes is:
* discover script (at some URL)
* retrieve
* hash for version
* include in directory
* check source URL occasionally
* when finding new hash, list new version in directory

If I host all versions of all scripts, it will only be as a service in
case the original publishing site goes down, or someone explicitly
wants to reference an old version no longer available at the
publishing URL.


More information about the Greasemonkey mailing list