|
|
|
|
|
|
by pibaker
27 days ago
|
|
|
> you are turning plain text into an executable Doesn't this describe all computer programs? They all take some kind of input data and turn it into action. Take the many malicious VSCode extensions as an example. Should they not be classified as malware, because by running VSCode and installing an extension, you are turning the plain text into executable? IMO It shouldn't matter how exactly the user's computer deals with your data — it is the fact that you know your action will lead to undesirable outcomes and decided to do that anyway that makes it malicious. I'd also say that if the author doesn't acknowledge his own malicious intent then he wouldn't have tried to hide the instruction in question from human view. Not a lawyer, but this seems like the kind of thing that will make you look very guilty in case you ever end up in court. But then again I am not the kind of person to burn my FOSS cred to spread an ideologically charged message, so what do I know? |
|
|
By the way, vscode extensions are part of the reason I moved to Zed… so trust is still important even in the age of llms