Comment by mxmlnkn
15 hours ago
Why not simply have both? This does not have to be an either-or decision. Have a default repository with vetted extensions, but leave the option to install from other sources open.
15 hours ago
Why not simply have both? This does not have to be an either-or decision. Have a default repository with vetted extensions, but leave the option to install from other sources open.
Enterprise will always choose the less risky option, so if there is either-or, it's vetted extensions only.
For consumer it's kind of already like this in a way, there are "verified" extension providers.
Overall, I think this is just going to lead to a lot more scrutiny. I'm sure one of the first things asked when this was discovered was how can it be prevented, and I'm sure one of the first answers was get VS Code to lock down extensions. Enterprises love the easy answers.