Comment by troad
13 hours ago
FWIW, I think you're twisting my words and putting up strawman arguments too.
Permissions are not a panacea, but it is a very rare plugin indeed that will need to run unsandboxed executable code with full disk and network access. Currently, that's every plugin. The work of the vast bulk of Obsidian plugins could be achieved with much narrower permissions than this. You're letting the perfect be the enemy of the good if you're letting the 0.1% be a blocker for improving security around the remaining 99.9%.
I use and pay for Obsidian. I very much look forward to a future where plugins are something that someone could confidently run. I don't think we're there yet, and that's all my stance comes down to. I am happy you're taking the plugin situation seriously and I wish you the best of luck.
On an interpersonal note, I was really put off by the tone of the response ("Obsidian isn't for you", "clearly, you didn't read the post", etc) and the strawman arguments laced throughout (how can you be against code review? Unlike you, we believe in software freedom... ). I'm not sure what comments like "Obsidian isn't for you" were supposed to achieve, but I found that comment quite galling. To the extent my response to that was a little fiery, I apologise. I don't think either of us came at this discussion in the most constructive way. I can only own my part of that.
Good luck with the plugin improvement roadmap! Genuinely. I intend to remain a paying customer, despite - uh - the CEO's opposition. :P
I apologize for being so feisty. I found your initial comment extremely disheartening:
> No permissions system, nothing resolved.
I could not let that comment stand because it's simply not true, and you probably wouldn't say it that way to me in person. We're not some faceless corporation. We're a team of seven sharing a year's work, which is expressly imperfect and in progress. I'm not looking to be showered with praise, like I said in my comment on the post we're listening to everyones gripes, and working on them. But a bit of nuance and congeniality is appreciated.
You're right! I apologise for the tactlessness. I would find it extremely disheartening to hear what I said to you. There was a better, gentler way to express my overall concerns, and I owed it to you to take that extra minute to do so. Not only would it have avoided needless upset, but it would have been more effective in getting those concerns across. Mea culpa.