Hacker News new | past | comments | ask | show | jobs | submit login

You're already trusting that third party agent on your own computer. If VSCode itself was malware then it can do anything you can do, including sshing into remote machines and running commands behind your back.



No -- when I ssh somewhere I am NOT giving them (the server) permission to run code on MY computer. When I vscode-remote somewhere then I AM giving them (the server) to run code on MY computer. You don't expect visiting a website to give the website permission to edit your local files, and so similarly some people might expect that if they are remote-editing with vscode they are not giving the remote-server permission to edit their local files either. Best to be aware!


VSCode is opensource. Remote ssh agent is not.


VSCode is not if installed with binaries.


Are you saying that the VSCode binaries are not built from the exact source that is available? Or that the opensource license doesn't apply to the version of VSC that is distributed via binaries?

I'm using VSCodium myself anyway, but I'm also installing it from binaries (precompiled packages), as is the case with most opensource software I use.


What's that got to do with anything?


that you can theoritically audit vscode code, but not ssh agent code...


Does that have anything to do with SECURITY?

The train of logic has run way off the rail in this thread.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: