Take ownership of list of deprecated and malicious extensions #1938

kineticsquid · 2023-06-29T16:33:49Z

This list is created by scanning daily the public that Microsoft maintains for the Visual Studio Marketplace: https://az764295.vo.msecnd.net/extensions/marketplace.json

We should take over this list as a central resource for consumers of extensions from open-vsx.org.

This will require some policy discussions and implementation procedures.

kineticsquid · 2023-06-29T16:47:44Z

Extensions get abandoned
Extensions can be dangerous … and we want to make users aware
MS introduced deprecated extensions in 05/2022 and has a GitHub Discussions thread for people to contribute to the list
Eclipse should host it, because
- It will make sure anyone can use it (VSCodium, Gitpod, Coder, Theia, …)
- It will ensure that people are free to contribute and add visibility to the effort

kineticsquid · 2023-07-12T20:08:34Z

@filiptronicek To clarify, currently we just maintain this list, there is no UI treatment of deprecated extensions?

filiptronicek · 2023-07-13T09:32:22Z

@kineticsquid exactly. The only interface you can use the data from as of now is searching for deprecated extensions in a VS Code client.

kineticsquid · 2023-07-20T13:17:42Z

I just realized @filiptronicek you'd created #1121 last year for this. Closing this one.

kineticsquid mentioned this issue Jun 29, 2023

Allow to deprecate extensions #1412

Open

amvanbaren added this to Open-vsx.org Deployment Jun 30, 2023

amvanbaren moved this to Todo in Open-vsx.org Deployment Jun 30, 2023

kineticsquid closed this as completed Jul 20, 2023

github-project-automation bot moved this from Todo to Done in Open-vsx.org Deployment Jul 20, 2023

Provide feedback