With the recent controversy surrounding Scar, I feel like there should be a change in the rules for developers and plugin sellers. For those unaware, there was a recent uncovering where malicious code (ie. a force op backdoor) was discovered in copies of iHCF that were sold to clients via the Plugins sub-forum. Once uncovered, the standard proceeding and warning template was applied to him by a moderator (35 points) and was further escalated to a permanent ban by Doge as can be seen in the picture below and this thread here.
A picture of the ban:
As of this moment the permanent ban has been lifted and the 35 point warning suspension remains in place.
When questioning the reversal of the ban with Justis in the shoutbox, a snippet of our conversation is as follows:
Posting a backdoor plugin is an extremely malicious offense and should not be treated this lightly. A suspension is a mere slap on the wrists considering that in a previous thread posted (now deleted) there were claims of servers being griefed due to the exploits made available in the distributed software. This type of offense should not have an appeal process and should be a straight forward ban, especially considering there is a disconnect in the opinions of various moderators (scar suspended, banned, then the ban being reversed). Alongside all of this, there is more room for debate with user Andromeda remaining banned for the exact same reason.
I propose a strict no tolerance rule for malicious code with no appeals process, it should be in the interest of staff members and users to discourage the spreading of backdoored plugins. Developers should be aware of the rules (this one is common sense) when selling plugins and there should not even have to be a debate on whether the distribution was accidental versus malicious. The argument that a force-op backdoor was intended for development use only is incredibly weak - why would a developer need force-op when their test environment presumably gives them access to the file system and console? Are they doing their development testing on the servers of clients?
A picture of the ban:
As of this moment the permanent ban has been lifted and the 35 point warning suspension remains in place.
When questioning the reversal of the ban with Justis in the shoutbox, a snippet of our conversation is as follows:
Justis R: There are many people who "accidentally" leave force ops in their plugins, for example, under the guise of it being used for development purposes. This would be considered a lesser offense.
Justis R: A ban worthy offense is something in which intent to harm the downloader is obvious, such as something which will delete your files upon running, install rats, or send personal data to the author.
Posting a backdoor plugin is an extremely malicious offense and should not be treated this lightly. A suspension is a mere slap on the wrists considering that in a previous thread posted (now deleted) there were claims of servers being griefed due to the exploits made available in the distributed software. This type of offense should not have an appeal process and should be a straight forward ban, especially considering there is a disconnect in the opinions of various moderators (scar suspended, banned, then the ban being reversed). Alongside all of this, there is more room for debate with user Andromeda remaining banned for the exact same reason.
I propose a strict no tolerance rule for malicious code with no appeals process, it should be in the interest of staff members and users to discourage the spreading of backdoored plugins. Developers should be aware of the rules (this one is common sense) when selling plugins and there should not even have to be a debate on whether the distribution was accidental versus malicious. The argument that a force-op backdoor was intended for development use only is incredibly weak - why would a developer need force-op when their test environment presumably gives them access to the file system and console? Are they doing their development testing on the servers of clients?
- Type
- Suggestion
- Status
- Denied
