[csmuk]

Or organisations that don't want Joe user (that includes Joe developer who thinks he understands security but does not) running random powershell scripts off the Internet written by god-knows-who that have access to COM, their AD and local file systems and might just POST it all to some remote web site. Or even ones that download packages off the Internet that may have licensing implications or malicious bundling.

I assume no one is old enough or so far away from reality that they don't remember the hell that was VBA and macros in the late 90's and early 00's?

They're very sensible organisations IMHO.

Theyre not oppressive and to be shunned. They just take data protection seriously.

[lucajona]

If you read HN and your organisation treats you like 'Joe user', I'd say you probably feel pretty oppressed.

Scoop is aimed pretty squarely at HN readers, not so much at people that are ok with working at an organisation that doesn't trust them to run programs on their computer.

[csmuk]

Some of us work in compliance based industries where its a necessity rather than a choice. We still use what could be considered a favourable stack on HN but we deal with masses of sensitive personal data. We're not oppressed: we're professionals. Big difference.

We trust people to run programs on their computer, just not ones that download other programs and ones that have dubious signing or security policies.

The prevailing attitude amongst startups and even big businesses of blasting everything carelessly with shotguns because it's the latest and greatest needs to die. Quality and therefore trust is suffering.

[rat87]

What about bat files? vbs? exes? they aren't dis allowed by default. If an organization has reason for being very paranoid it should try to ban all of those. But the os default should be to allow scripts to run.

[csmuk]

I think you missed my point.

It's not the type of the file but the source of the file that is the issue.

It is also that these sorts of scripts are the source of many untrusted, unsigned and unverified files as well and you cannot necessarily trust the canonical source of them either.

If some random guy gave you some pain killers on the street, would you take them? Probably not. That's exactly what this problem is.

[voltagex_]

There has to be a balance. A lot of NuGet scripts aren't signed or are signed with a MS cert that's different from their normal code signing ones.

[csmuk]

Yes and we don't allow use of NuGet due to this amongst other reasons.