Trusted Publisher Verification & Verified Publisher Filtering for Extensions #68590

Closed
REPNOT opened this issue Feb 13, 2019 · 2 comments
Labels: extensions, feature-request

REPNOT commented Feb 13, 2019

With a high volume of extensions available for VS Code, it would be great to know
if extension publishers are both trusted and verified. In addition to this, the ability to
filter extension searches to display verified trusted extension publishers only, would be
great! Ratings aren't enough, I personally would feel more comfortable downloading
extensions verified by Microsoft using a process to ensure proper due diligence has
been exercised to guarantee some level of quality and security.

@vscodebot vscodebot bot added the extensions Issues concerning extensions label Feb 13, 2019
@sandy081 sandy081 added the feature-request Request for new features or functionality label Feb 13, 2019
@sandy081 sandy081 added this to the Backlog milestone Feb 13, 2019
@sandy081 sandy081 assigned joaomoreno and unassigned sandy081 Nov 11, 2020
@sandy081 sandy081 removed this from the Backlog milestone Nov 11, 2020
sandy081 (Member) commented

@joaomoreno Not sure if you already have an issue for this, if so please close this as duplicate. Thanks.

joaomoreno (Member) commented

> Ratings aren't enough, I personally would feel more comfortable downloading
> extensions verified by Microsoft using a process to ensure proper due diligence has
> been exercised to guarantee some level of quality and security.

The current state of things is: every single extension in the marketplace is scanned for malware and security issues. So by downloading it from the Marketplace you already have that guarantee. There's not much more we can do here besides implementing end-to-end signing which won't give you any added benefits. Closing this as out of scope.

@github-actions github-actions bot locked and limited conversation to collaborators Dec 26, 2020