Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add extra warning to "Installing add-ons" section of User Guide #16510

Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions user_docs/en/userGuide.md
Original file line number Diff line number Diff line change
Expand Up @@ -3387,6 +3387,18 @@ It is very important to only install add-ons from sources you trust.
The functionality of add-ons is unrestricted inside NVDA.
This could include accessing your personal data or even the entire system.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Add-ons are scanned by [Virus Total](https://www.virustotal.com/), however, this only detects known malware at submission time.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you want to commit this somewhere?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better to part of the previous paragraph

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I initially had it at the end of that paragraph, but just reading it again as a whole:

"Just because an add-on is available in the NVDA Add-on Store, does not mean that it has been approved or vetted by NV Access or anyone else. It is very important to only install add-ons from sources you trust. The functionality of add-ons is unrestricted inside NVDA. This could include accessing your personal data or even the entire system."

Perhaps between "... approved or vetted by NV Access or anyone else." and "It is very important to only install add-ons from sources you trust..." would be better?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that makes sense to me

As with any software, it is important to trust the developer of an add-on before using it.
Qchristensen marked this conversation as resolved.
Show resolved Hide resolved
There are a number of ways of doing this:
Qchristensen marked this conversation as resolved.
Show resolved Hide resolved
* Research the developer's reputation (e.g. how long have they been contributing, or their GitHub profile)

Qchristensen marked this conversation as resolved.
Show resolved Hide resolved
* Look for user feedback in the [NVDA user group](https://nvda.groups.io/g/nvda) or [NVDA add-on group](https://nvda-addons.groups.io/g/nvda-addons)
Qchristensen marked this conversation as resolved.
Show resolved Hide resolved

Qchristensen marked this conversation as resolved.
Show resolved Hide resolved
* Verify that the add-on is regularly updated

Qchristensen marked this conversation as resolved.
Show resolved Hide resolved
Qchristensen marked this conversation as resolved.
Show resolved Hide resolved
* Read [Community reviews #AddonStoreReviews] of the add-on

* Seeking community feedback through forums or social media.
Qchristensen marked this conversation as resolved.
Show resolved Hide resolved

You can install and update add-ons by [browsing Available add-ons](#AddonStoreBrowsing).
Select an add-on from the "Available add-ons" or "Updatable add-ons" tab.
Then use the update, install, or replace action to start the installation.
Expand Down