Removing Support for Third Party Closed Source Modules


#41

Freeware, sorry.


#42

I suggested an implementation of the Unity or Unreal Asset Store here on Roblox.

Any code that is closed-source would of course have to be reviewed first by Roblox first, or only trusted developers could publish closed-source items. The code to these items, if set by the uploader would be unable to be viewed or uploaded as a free asset by the buyer.


#43

It doesn’t matter. When you upload the model to the library for free, you agree that it’s 100% free for users to edit and use as they please. That’s literally in fine print now.

Hiding code in any way should not be allowed since technically all free models have the same license, regardless of what the uploader says it is.

Yeah it might lead to copies, but that’s what happens when you make something a free model. It’s 100% free.


#44

Disallowing code obfuscation is actually counter-productive in that it prevents honest developers from working to their full potential. People wanting to distribute malicious code will not be adhering to these rules, and attempting to enforce such a rule is a moderation effort Roblox is not equipped to deal with.

Also open-source doesn’t mean more secure, there’s been examples of this before. NPM being recent example


#45

As LordHammy said, RIP Kohl’s Admin and many other modules developers have provided for the public to use. But this is a step in the right direction since I once encountered an issue where a user tried to do something malicious to one of my places one year ago.


#46

I’m not saying it’s more secure. I’m saying that hiding your code for a “freemium product” is not a good reason to keep private modules since all models should be 100% open source.

If you or someone else wants to obfuscate your code, that’s fine. But it should still be available for all to see.


#47

We shouldn’t keep private modules, at least, not in their current state. It would be nice if there was some other way to make proprietary scripts.


#48

I honestly don’t see how this would work… Private modules were the only way to keep hard work out of malicious hands. This isn’t on anyway going to stop these botted models and it wouldn’t stop the majority of underaged users from using the malicious copies.
I honestly believe because of this, people who open their source, especially if it’s something that shouldn’t be really opened like an admin or a driving script, both exploits will be easier to be made and botted reuploads will get worse.
If you do want to help, actually solve the problem with botting and taking in reports into consideration, this would stop this a lot more better.
Also, do do the whitelist thing…


#49

I am incredibly disappointed that this was the course of action decided upon but it’s understandable given how quickly a solution was needed. I’m hoping in the future we’ll see more viable methods for hiding code because as people have shown before and in this thread there are perfectly legitimate reasons for allowing private code.

Not to repeat Anaminus but there’s currently an active thread (that I happened to have created) for more serious discussion of alternatives located here:

At the moment though I worry about the impact this will have on people who use modules to hide web APIs and those who sell products/used private modules to ensure their copy of code was the only one. Again, I’m disappointed in Roblox, even though I understand why.


#50

Smart move to be honest. There’s just too many risks associated with something like this. Props.


#51

In my opinion this is a REALLY good move that should’ve been implemented long ago. It was something that I recently thought about as developers have been getting GDPR takedown requests. If a game has closed source modules and those modules access data stores there’s really no way to delete player data stored there.


#52

Make a feature request for having a similar but less exploitable version of privatemodules included in the upcoming packages feature, although I think something like it might already be in the to do list for packages

On the main topic: it’s about time we got rid of privatemodules yeahhhh :yum:


#53

I do honestly like how most of you go “Yay, it’s about time.” This will ruin complex scripts that need to be privated. For instance, a secret API key or a part of code which if released won’t be as useful because people know how it works. This IS going to ruin a lot of good people.

Thanks Roblox, yet again pushing your fault onto us…


#54

I’ve also suggested a Asset-Store type deal where you can upload your paid-assets and have them be closed-source.


#55

This is a wonderful change. I don’t know why this wasn’t the norm to begin with. Free models requiring third party closed-source modules are dirty and barely contribute anything worthwhile, can’t even open them up and learn anything from them and can’t trust them. If you need to make the module closed source, chances are you either aren’t doing something right (lets not leave a bunch of API keys or something in there) or (more likely) you’re being a bit greedy. There’s no reason a game should ever be able to remotely load something that the place owner either doesn’t own or can’t take and read, and allowing such to happen gave rise to the massive amounts of “backdoored” models that seem to be everywhere.

Will games still be able to use closed-source modules that the game creator has in their inventory (but didn’t necessarily make?)

Good stuff :+1:


#56

That would be a great idea, a controlled place with assets made by trusted developers. Even if it’s closed source Roblox would have checked it and said A-okay.
It is honestly getting to the point where the majority of the model/ plugin catalog is malicious and private modules are apart of it. However this isn’t the best way to go.


#58

You shouldn’t be leaving a bunch of sensitive keys sitting in an uploaded module. Flaws have been found multiple times that have allowed people to steal closed-source modules. Doing so would be bad practice and waiting for disaster.


#59

Well then the model can’t be publish to the public, beating the idea to make something public in the first place.


#66

Code can still be hidden and/or obfuscated. It’s just that now you can look at the source; making sense of it is a different story.


#70

Edit:
Seems to be nothing more than an explorer-UI after being stripped down. Apologies for the previous post. :smile: