Posts: 2,572
Joined: Aug 2012
Reputation:
217
I like that proposal a lot more than the other alternatives.
Posts: 17,859
Joined: Jul 2011
Reputation:
371
2017-09-07, 06:51
(This post was last modified: 2017-09-07, 06:52 by Martijn.)
We already tried the beta repo once and it did NOT work. It was a complete mess and we just killed it in the end. So I'm against even trying again.
Posts: 8,056
Joined: Feb 2013
Reputation:
1,574
I know past beta repos have had their problems, but this would have very limited access and only be for addons where overriding official was absolutely essential. I understand the hesitance, but at least this way there would be centralised control over what addons can override.
Posts: 5,952
Joined: Sep 2008
Reputation:
201
Koying
Retired Team-Kodi Member
I'd +1 that.
No clue why the previous attempt failed, but I suspect that if it becomes a *must* due to restrictions on non-official repos, it might work this time.
Posts: 207
Joined: Feb 2013
Reputation:
6
L0RE
Senior Member
I think a whitelist of repos for an addon in the addons.xml would be better.
There is always an exception that would fit an official dev repo. Most flexible, with the best possible security.
It would even allow addon developers to forbid superrepos from mirroring the addon.
Posts: 8,056
Joined: Feb 2013
Reputation:
1,574
Whitelist won't work. Any setting stored locally won't work because malicious repos or wizards can simply overwrite the setting and install their own junk. Plus there would be no centralised control over what is in beta repos which kinda defeats the purpose.
Posts: 207
Joined: Feb 2013
Reputation:
6
L0RE
Senior Member
2017-09-07, 23:21
(This post was last modified: 2017-09-07, 23:28 by L0RE.)
@juralmunkey: the whitelisting is in the repo.xml. When Kodi finds a new version from a 3rd-party repo it checks the whitelist against the repo.xml from kodi.tv, not the file in the addon, so no overwriting could be done. This would be a solution for the problem. It would stay compatible with older Kodi versions, because repo.xml would be ignored.
So no damage could be done.
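A sketch of the check described in the post above, as an added example that is not part of the thread or of Kodi's code: the allow-list is read only from the centrally hosted index, and anything the add-on or local settings claim is ignored. The element name `override-allowed`, the repo ids and the sample index are hypothetical.

```python
import xml.etree.ElementTree as ET

OFFICIAL_REPO_ID = "repository.official.example"  # hypothetical repo id

# Constructed sample of a centrally hosted index. The <override-allowed>
# element is a hypothetical schema, not an existing Kodi format.
OFFICIAL_INDEX = """
<addons>
  <addon id="plugin.video.example" version="1.2.0">
    <override-allowed repo="repository.dev.example"/>
  </addon>
  <addon id="script.module.example" version="2.0.0"/>
</addons>
"""


def load_whitelist(index_xml):
    """Map each official add-on id to the repo ids allowed to override it."""
    root = ET.fromstring(index_xml)
    return {
        addon.get("id"): {e.get("repo") for e in addon.findall("override-allowed")}
        for addon in root.findall("addon")
    }


def update_allowed(addon_id, source_repo, whitelist, local_claims=()):
    """Decide whether an update offered by source_repo may be installed.

    local_claims stands for anything stored on the device (add-on metadata,
    settings). It is accepted only to show that it is never consulted.
    """
    if source_repo == OFFICIAL_REPO_ID:
        return True
    if addon_id not in whitelist:
        # Not an official add-on, so nothing official is being overridden.
        return True
    # Official add-on: only centrally listed repos may replace it.
    return source_repo in whitelist[addon_id]


if __name__ == "__main__":
    wl = load_whitelist(OFFICIAL_INDEX)
    for addon, repo in [
        ("plugin.video.example", "repository.dev.example"),
        ("plugin.video.example", "repository.other.example"),
        ("script.module.example", "repository.dev.example"),
    ]:
        print(addon, repo, update_allowed(addon, repo, wl))
```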
Posts: 6,255
Joined: Jun 2009
Reputation:
115
da-anda
Team-Kodi Member
A small modification to a python/xml file is dead simple for an add-on to do. Overwriting Kodi binaries is not, as you can't replace a binary currently being executed, can you?
Posts: 6,255
Joined: Jun 2009
Reputation:
115
da-anda
Team-Kodi Member
Without elevated privileges you usually can't mess with any file inside "Program Files". Also, on Android, the binary is read-only. And yes, it will never be 100% secure.
Posts: 1,332
Joined: Jan 2016
Reputation:
54
Maybe I am speaking out of place or repeating something already stated, as I just read bits and pieces of this ongoing discussion. But if it is security you want, then that is not what you're going to get as long as you allow outside add-ons to be installed into Kodi ... If you did lock down the repos to only allow official add-ons whose code has been reviewed, then at that point you could begin to truly improve the security. But even with that someone will find a way to "get root".
Python is an awesome language and there is a lot a script can do to one's PC, not just Kodi ... You can, however, use Kodi as the interpreter to deploy malicious scripts.
With that, maybe it is time for a Kodi add-on repo ... that's locked down, but still with a few steps you can unlock developer mode ... with that, if you install beta repos or add-ons it will disable install from the official repo ... but on the flip side, you turn off developer mode and it forces an update to all add-ons from the official repo.
And have plenty of pop-ups telling someone they are on their own in developer mode.
Posts: 207
Joined: Feb 2013
Reputation:
6
L0RE
Senior Member
@snitchell6879
"That's locked down, but still with a few steps you can unlock developer mode ... with that, if you install beta repos or add-ons it will disable install from the official repo ... but on the flip side, you turn off developer mode and it forces an update to all add-ons from the official repo"
When you do so you can't develop an addon with an official module as a dependency. So developers must fork all modules they use, like the request module ... I think that would make more chaos ...
Posts: 1,332
Joined: Jan 2016
Reputation:
54
I was thinking that the official repo would be available ... Developer mode would just let you overwrite the official add-ons if they have the same ID. Either way, I am using Leia now and if you update an add-on you can choose where to update it from. I haven't used a beta repo but I will test it out. Most things I just manually install and just enable in the add-ons lol. I don't use repos yet.