As I understand it (and this may well be wrong, even though I’ve spent a lot of time trying to understand this), you can develop for SAFE in two ways:
- Make an entirely separate application, which just talks with SAFE through another API.
The first one makes sense and is what I thought was the only way, but apparently, if the second version is correct, won’t this mean that the application can do anything with the user’s computer, including modifying their SAFE client? It seems to bypass the security gained from trusting only the SAFE Browser and the “core APPs”.
For example: the “Web Hosting Manager” is separate. There is also apparently some SAFE e-mail client. I first thought that these were special, MaidSafe-developed applications that have a special, trusted status… but actually, anyone will be able to create their own horribly broken/malicious “APPs”, without MaidSafe having anything to do with them?
I guess this is considered necessary, but it makes me very nervous. I just barely trust MaidSafe, and they created the SAFE network… but I’m gonna have to trust a bunch of random people with full access to my machine? You could of course argue that this is already the case with “clearnet software”, and it’s true, but I don’t trust those either!
Will these “custom SAFE APPs” all be found and installed via the SAFE Browser? Will they be checked for malware at all? I get that it’s probably required for SAFE to take off, but I can’t help but wish that we were limited to the “SAFE sites”, at least for a long time initially (excluding the MaidSafe-developed applications). I can just imagine how badly “the market” will mess this up…