Removing Support for Third Party Closed Source Modules


Mine is implying a ModuleScript which can be updated at any time, or one that doesn’t even need to be updated in another post, can run malicious code whenever it wants and there’s no way to make sure it’s safe to use. Your example implies someone who had access to edit the game directly put code in that exposed people to inappropriate content. These are very different things, regardless of the similar outcome.

Regardless of whether it’s a front page game, even one child exposed to mature content is undesirable. Mine is not an edge case, it’s a possibility. Yours is considered an edge case because it’s extremely unlikely and caused directly by actions of a developer for the game. If anything, the person who hired that malicious developer and gave them full edit access to the production version of the game is at fault. They were perfectly able to ask someone else to verify the source.


I believe your case is an edge case even more so because why would a top game creator be using private modules which have the possibility to be updated to contain malicious code? A developer can be cut off by being removed from team create, and a private module can be cut off by disabling scripts/deleting them.

Edit: I think I’ve been misunderstanding. I believe my case is more possible than yours. My case is an open source script being updated on a top game to be malicious. That’s what I’m saying.


And like I said in my reply, even one child exposed to mature content is undesirable. It doesn’t have to be a front page game, that’s just the worst case scenario.

Your example has literally nothing to do with the topic at hand in any case.


You made an argument, I turned it around and said the same thing can occur with open source scripts.

And once again,

this can happen with closed or open source.


But now we know exactly who put the malicious code in the game, and they are to blame. With a closed source module, it doesn’t have to be uploaded under the account of the person who developed the module. You have no way of proving who exactly did it, and on top of this fact, you’ve now got an entire playerbase that’s been affected.


And the game doesn’t have to be edited from the main account of the developer.


Maybe you shouldn’t be giving edit access to random alternate accounts?


Yes, I agree. You shouldn’t be doing that. But, there isn’t really a way to tell if an account is alternate. If the join date is from a few weeks ago and it has nothing on it, then yes it is obvious. I own a few alternate accounts that are years old, and you wouldn’t guess they are alts. A developer just has to make some excuse, such as they lost access to their main account, and now they have team create on an alt.


You shouldn’t be giving edit access to anyone you don’t completely trust. Contractors do not need access. Only the project lead should be allowed to push updates to production.

This conversation has strayed pretty far, so I won’t be replying further.


And people shouldn’t use private modules from people they don’t trust, and people shouldn’t be using open source scripts from people they don’t trust. I don’t use private/open source scripts if they don’t come from me, unless they are posted on the developer forums, and the open source just gives access to some sort of function. And by this I mean something like Module3D. Some sort of API. I won’t create a game with just open source scripts in the toolbox. Yet people do. I see it often. It just ends up not working very well. They wouldn’t know if one of those scripts has a virus, if they are just using free model open source scripts. Same for private modules.


I hate to ask this but can this thread be locked?

It is going in circles; nothing new has been added to the argument for ages. If this really needs to continue, it should be in its own thread or in PMs. Roblox has made it clear that this change is happening regardless of what has been said, and I don’t think we gain anything from the same cyclical debates.


It’s going in circles because people aren’t listening to either side.


People need to start being more open-minded instead of flagging other people’s posts for having a different opinion.

I have mixed opinions on this change; it is for the best, but it will also come with its consequences of services being closed down (some of these services, I actively purchase). Whatever happens, it won’t satisfy everyone and people will just have to get over that.


It doesn’t matter if “people aren’t listening to either side” because this change is happening anyway as clearly stated above. What’s the point of further discussion when everyone’s argued about the same thing for the past 900 posts?


This is tragically true. But Roblox is a children’s platform, so that will be their first and foremost priority. Developers are a close priority, but not first (legal reasons).


I can only address part of your post, but I feel like it’s the most important part.

What harm is there in making the code visible to others? Who cares if someone takes it and changes it around a bit?

Most of the non-malicious private module writers are making paid services where you exchange currency (Robux, USD, et cetera) for their program to run in your game. Making this paid service open source would make it wide open for pirating. I realise (as I’m writing this) that this post is a bit old, but I wanted to get my foot in the discussion somewhat.


That’s what I basically said?


Lots of people think that this was the completely wrong call, and that this is destroying everything.

However, this was the right call. This should have been the update from the beginning. Thank you so much for installing this! Now, I don’t have to worry about malicious code being brought into my game!

Sure, I am a bit upset that services like ICW and TBS are destroyed, but I still think that this is the right call.


I wouldn’t put hidden code in any serious game that I am making for a large audience.

What I use private modules for is for community-based groups where you can have the same tech used by multiple groups.

Example: Having battles span across different groups and places but the underlying tech is the same, so you know one team isn’t cheating by altering their scripts or such.


Yeah. Main thing PMs are used for. But they’re being removed because a few people are using malicious code.