Response to code safety review discussion

These concerns are pretty explicitly addressed. I encourage you to re-read the original post.

Regarding “who cares about this if my code is closed-source”:

A solution for private / API keys is STILL needed

A lot of devs were mostly concerned about personal keys, and still are. There should be a feature built-in to place these keys, outside of scripts. It has been suggested many times, and removes a big part of the privacy and security concern. It also has added benefits such as not needing to remove API keys during a team create session.

Feature Request:

Otherwise, I’m going to have to start changing my keys every week. That’s just absurd.

Can moderators see script commit history, so they know who exactly wrote a specific piece of code? What if I am a part of a TC (author or not) and someone does something stupid. How do we know the correct person is punished if it truly does “pose a threat to the Roblox Community”? That is one question I am sure many want to see clarification about.

I can answer these two:

2. This system isn’t looking for profanity, so no, as long as it’s not exposed to players.
3. Correct. Scripts won’t be reviewed unless the team goes in-game and finds some concerning content to check up on.

What about someone who used to have access, but no longer does? Or anyone who might be concerned their personal data has been stored in scripts in the game?

Thanks for addressing some of the concerns regarding this system. Although, I would like to know more about how it handles utf-8 encoded strings as these could be implemented in a malicious way.

While I certainly appreciate the response, and recognize that it addresses some important questions; one point is still unanswered:

Will we be notified if our code has been manually reviewed?

I for one would like to use such information to update my API keys, paranoid as I may be.

Why are Team Create sessions considered private, while non-Team Create sessions aren’t? Can we get more clarification on why it’s private?

coef, I totally respect you, but being completely honest the OP doesn’t address everything. Many developers, myself included, are concerned about how exactly our secrets (API keys, for example) are protected during the moderation process. At the time of writing, this isn’t specified in the post.

I appreciate the clarification (I had to reread it a few times but most of my questions are answered) but I’m still concerned about secrets like API keys and tokens. Is there something in the work to hide these things or are we expected to just accept that staff will see them? If that’s the case, would it be possible to have a system put in place to notify us when a staff member has seen our code so that we can change these keys if we so desire?

While I certainly share your curiosity, I must point out that revealing these kind of details of the inner-workings of the system would likely aid those that try to evade it.

For concerns regarding secrets such as API keys, I recommend supporting feature requests such as this one:

(Support here meaning give it a like or add your additional use cases in comments.)

It would be nice to know precisely what these rules are, since while this post is more precise in some areas it continues to be vague in others.

Is there any plan to inform the developer on devforum, by email, or by Roblox PM that the “special team” is checking my game? (Edit: So some users can void their API keys till a way to store API key’s is in place?)

Any way that an alternative method of appealing will be in place?

Not always. Certain information regarding process, excluding the actual moderation criteria, can be shared so that we know that they are taking some protection. We would hope that the team is under strict NDA, that the information has strict IT controls that prevent it from leaving the network (once the employee accesses it), and that code is more protected than some image already available for viewing in the catalog. Unfortunately, these are things that we don’t know exist (although I hope they do).
Edit: I misunderstood the question, That said, this is still info that we would like to see.

We understand this is the goal, but many developers are worried because they still don’t understand what conditions can cause their code to be flagged in the first place. Unless this is clarified, developers will assume that their private code can be read/stolen by moderators at any time.

That’s unfortunately not a good enough response to that concern. This is a problem that Roblox created with their own policies, and they should have addressed it before now, or should at the very least be addressing it actively. Supporting a feature request that may or may not be implemented (and if it is, may take an indeterminate amount of time to be added and enabled) is not a solution.

The question was not regarding information of the manual review and how it was treated, and this is information that I too would like to see divulged. Nevertheless, my comment was on the topic of the inner-workings of the automatic review system.

I’d assume this team is under immense scrutiny while they are inspecting specific portions of games, and they would be engineers since they need to review code (not the same people who moderate images/sounds/etc). It seems somewhat paranoid to assume an engineer is going to risk “stealing” code or intentionally reading code they’re not supposed to when all of their actions that they are performing as part of this review team are closely logged and monitored. Maybe we should have a little bit more faith in the people running this platform?

I mean, not really the best clarification, doesn’t answer a lot of our concerns, but thanks?