by galgalesh 1654 days ago
It's all about reduction of surface and giving plugins access to the least amount of info. You expect a linter to only have (read) access to the code it lints. It shouldn't be able to modify files, it shouldn't have network access etc. WASI has a pluggable capability-based security system.

Some advanced linters might want network access but you can show this to the user, so they can make an informed decision about whether to trust that linter and their author with this power.

This isn't airtight security to protect against obviously-malicious authors. This is about creating a system that can deal with the reality that "trust" in an app store entails "a million shades of gray". I might trust a plugin enough to check for errors in my code, but not enough to actually modify my code.

2 comments

> You expect a linter to only have (read) access to the code it lints. It shouldn't be able to modify files, it shouldn't have network access etc. WASI has a pluggable capability-based security system.

That sounds absolutely amazing. Are there any desktop apps delivered like this yet? Any operating systems or some sort of runtimes (browsers?) that support them?

I want to install apps on my desktop without worrying about it too much. Sadly currently restricted to PWAs.

> Are there any desktop apps delivered like this yet? Any operating systems or some sort of runtimes (browsers?) that support them?

Ever heard of AppArmor?

That's per-application security profiles, distributed with any applications on many Linux distributions.
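As an added illustration of the AppArmor answer above (not code from any commenter), here is a profile that confines a hypothetical linter binary, `/usr/local/bin/mylint`, to exactly the policy the top comment describes: read-only access to the code it lints, no writes, no network. The binary name and the `~/projects` location are assumptions.

```apparmor
# /etc/apparmor.d/usr.local.bin.mylint  (binary name and paths are assumed)
#include <tunables/global>

/usr/local/bin/mylint {
  #include <abstractions/base>

  # The linter binary itself: read and map as executable
  /usr/local/bin/mylint mr,

  # Read-only view of the project source tree (assumed location)
  owner @{HOME}/projects/** r,

  # Deny rules take precedence over allow rules in AppArmor, so even
  # if a later edit widens the allow above, the linter still cannot
  # modify the code it lints
  deny @{HOME}/projects/** w,

  # No network capability at all (no sockets of any family)
  deny network,

  # Reads under /etc are permitted but logged, so unexpected access
  # shows up in the audit log instead of passing silently
  audit /etc/** r,
}
```

Load it with `sudo apparmor_parser -r /etc/apparmor.d/usr.local.bin.mylint` and confirm the profile is listed in enforce mode by `aa-status`; any attempted write or socket call by the linter then appears as an `apparmor="DENIED"` entry in the kernel log.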

Firejail on Linux as well. There are others but that's the only one I'm familiar with.
Thanks for taking the time to explain. I guess I was pretty ignorant in thinking that a plugin basically has all access to the dev-env it's written in.

I hadn't really heard of WASI, let alone understood it, but it totally makes sense why you would want to leverage this approach, along with any IDE-specific plugin interfaces/integrations.