this post was submitted on 30 Jul 2023
387 points (96.6% liked)
Lemmy.World Announcements
29079 readers
197 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to [email protected] e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email [email protected] (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I want to caution that every new ui is a potential security risk. When it's a mobile app then it's entirely on the user to decide if they trust it, but when it's hosted the host is implicitly giving a seal of approval so I think at least a bit of a code audit should be done, especially since xss is much more of a risk on the web.
There's already been one security breach on the default Lemmy skin, so I think it would be a good idea to do an audit for every new hosted ui and include a section for it on these posts. You don't necessarily need to crawl through every line of course, but it'd be good to cover what framework and rendering engine it uses and acknowledge any risks associated with them.
We have the devs of all but one of the alternative UI's on our discord server. We try to provide options for our users as well as give some extra exposure to the Lemmy developers community by hosting these on LW. It's actually pretty cool to see that devs from different apps are going through each other's code and are being helpful. And other community members are actively helping the developers test (and request) new features.
So that is one of the things that we did to "play safe". But I understand your concern and I'll have a talk with the team how we can organise something like a code review of the UI's we host.
We have one more UI to be announced soon. And that will most likely be the last one we will add.