How do I know if a plug in is safe?
I hear that a Daily Log plug in has been developed. I started to read up on plug ins and the page warns that a plug in could be unsafe and to only use plug ins from a trusted developer. I don't know who developed this plug in and I don't know how to tell if it is safe to use. What next?
Comments
jeetee developed the plugin and is a longtime contributor to MuseScore. I would trust him with my computer.
Well, https://musescore.org/en/project/daily-log clearly starts that @jeetee is the author, a long time regular here onmusescore.com
You can open the qml file with any text editor or view it on GitHub and check what it is doing.
Up to now we've only ever found one single potentially dangerous plugin: it loads other plugin code from the internet, something that can't get checked before using it, not easily at least.
(I'm talking about https://musescore.org/en/project/musicalion-upload-manager-0, I've made changes to that pages so that the code can get viewed before loading and running it, up till now that code does seem harmless)
So yes, in theory plugins might be able to do bad thing, but no, in practice this hasn't happened yet, not in the past 10+ years
In reply to Well, https://musescore.org… by Jojo-Schmitz
Mike and Jojo can vouch for Jeetee, but who can vouch for Mike and Jojo? Jeetee? OK. What do I have to lose except all of my information!
In reply to Mike and Jojo can vouch for… by Rockhoven
Check the code before running it. This is the upside of QML, being a script language, it comes in a human readable form. It isn't much to read either, see https://github.com/jeetee/MuseScore_DailyLog/blob/master/create-daily-l…
In reply to Mike and Jojo can vouch for… by Rockhoven
Jojo who? ;-)
In reply to Jojo who? ;-) by mike320
JoJo Yer Mama. OK. I'll look at this in the afternoon. Keep yer eyes on the Composer's Corner. I'm fishin' for a trout.
In reply to Mike and Jojo can vouch for… by Rockhoven
I can vouch for Mike and Jojo :-D
In the past I have wondered about having some kind of "validated/approved" label for plugins when they were reviewed by "trusted" team members. Then again, history has proven that the MuseScore community so far is a positive one where no one has supplied abusive plugins so far. And there are those like Jojo that do review them occasionally if users, such as yourself, have questions about them.
Next to me, the MuseScore software you're running can vouch for all three of us as well. It contains code by Jojo and myself and many bugfixes and some features for which mike was the triggering factor in discovering them.
Hey! I'm trying this plug in while reading the Plug Ins Handbook. I've decompressed the zip file, and I've extracted it to the Documents/Musescore3/Plug Ins folder, so now it's installed properly. Now I'm at the Plug In Manager, and it says in the handbook to enable the plug in by checking the appropriate tick box. But which tick box is appropriate?
Do I check all of the boxes or just the two that say "daily log?
Nevermind. I've got it working.