schniz | 3 years ago

Hey there! I plan to open source this soon so the source will be available and you can read it. It is really doing nothing but adding the emoji to GitHub.

But I understand that the shadiest people say they are legit, so I’ll prioritize open sourcing the extension so others can review it :) sounds good?

jrockway|3 years ago

That is a nice thing to do, but I think people will still be hesitant because there is no way to know whether that code you open-sourced is actually what's in the Chrome Store, or that the Chrome Store listing won't change ownership in the future. (Chrome extensions auto-update, so it's easy to ship users code that does something "new and exciting", and when dealing with software supply chain risk, "new and exciting" is something many people don't want.)

I get that you just wanted to make something cool, and it is very cool, but people are also right to be paranoid here. Compare the value between having a certain tiny image in your PRs versus being able to check code into any organization's Git repo as a trusted engineer at that organization, and how much someone would pay you on the black market for either of those things.

hirsin|3 years ago

Not to mention that even the data being requested and stored is also organizationally sensitive if leaked. Everyone's got some problem customer emoji or frustration with their cloud provider in there, which maybe wouldn't look great externally.