Comment by xpe
2 years ago
Zed is my favorite editor, but I'm not going to minimize concerns that people raise simply because I think the editor is stupefyingly awesome overall.
Questions: What control does a user have right now over what gets installed automatically? What are the levers we can pull to get more control? (These levers include configuration options, pushing back on the project, and so on.)
P.S. Not that this is an excuse, but VS Code's security posture (sandboxing, prompting users, etc.) probably didn't happen overnight without user pressure. Who knows the history?
Some highlights from the Github issues thread [1]:
> Ideally you would be able to turn off auto-download but still be able to use a [language server] if it’s already on the users system.
> There is not a binary choice between "friendly to end users" and "secure". You can have your cake and eat it too. The main thing that should be considered is less of a user facing popup or preference (where opt-in vs. opt-out is an issue, as is noise & friction), but developer facing options. If Zed offered compile time configuration this could be fixed to everybody's satisfaction. Distros could ship a pre-configured package with all the dependencies already provided so that the user experience is just "install and run" while also not having an app that downloads (or attempts to download) binaries behind teh users back. Meanwhile if Zed wants to ship a binary package upstream that defaults to downloading things they can.
[1]: https://github.com/zed-industries/zed/issues/12589