meta-polymc
| meta-polymc | org.polymc.PolyMC | |
|---|---|---|
| 2 | 5 | |
| 9 | 7 | |
| - | - | |
| 10.0 | 4.6 | |
| 14 days ago | 23 days ago | |
| Shell | ||
| - | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
meta-polymc
-
Should I be worried about "compromised" software?
No, it is instructed where to download files from by the manifest in https://meta.polymc.org/v1, which has historically been populated by this git repo: https://github.com/PolyMC/meta-polymc
-
OVE-20221017-0001: PolyMC appears to be compromised
They do have access to the contents of the PolyMC metadata server. It serves from https://github.com/PolyMC/meta-polymc, which only they can push to at the moment. The metadata server serves links to executable Java files and native libraries, and supplementary files required for Minecraft and various modloaders. It is important to trust the people providing the metadata server. The metadata server URL is configurable in PolyMC's settings. https://meta.scrumplex.rocks/v1/ is a mirror ran by a person behind PlaceholderMC; serving files from https://github.com/PlaceholderMC/meta-polymc.
org.polymc.PolyMC
-
apt-pilled meme
It could be modified to be malicious after approval, but then the admins can mark it as EOL which shows a warning at install time (happened during the polymc drama for example)
-
Prism Launcher Flatpak
I'm sure it's planned, but not only does onboarding to flat hub take time, but there's an on-going discussion on the fate of the current PolyMC flatpak. For those itching to get the launcher.
-
OVE-20221017-0001: PolyMC appears to be compromised
The Flatpak is in control of someone on the PlaceholderMC team and will likely be switched over to PlaceholderMC. You're free to mask updates out of an abundance of caution, of course, but it's fairly unnecessary and may cause harm if you forget to undo it later on. Relevant issue
-
PolyMC compromised by rogue developer having unabomber manifesto in steam bio
For those who use PolyMC, the most pressing question at the moment would be "what should I do right now"; one of the discussions had a link to the following gist https://gist.github.com/Earthcomputer/dc65391f84a2c19ebac6c3... which says that the two most important steps (before opening PolyMC, otherwise it could auto-update) would be to disable automatic updates, and change the metadata server to the one from the MultiMC project (from which PolyMC had forked).
That gist also links to an issue on the flatpak package (https://github.com/flathub/org.polymc.PolyMC/issues/35); if I understood the situation correctly, if you're using the flatpak package, they will do the metadata server change for you (and it probably never had automatic updates enabled, since updates should be through flatpak itself).
- PolyMC 1.2.0 Released - Quilt support and more
What are some alternatives?
PlaceholderMC - A custom launcher for Minecraft that allows you to easily manage multiple installations of Minecraft at once (Fork of MultiMC) [Moved to: https://github.com/PrismLauncher/PrismLauncher]
PollyMC - DRM-free Prism Launcher fork with support for custom auth servers.
meta-launcher
PrismLauncher - A custom launcher for Minecraft that allows you to easily manage multiple installations of Minecraft at once (Fork of MultiMC)
PolyMC - A custom launcher for Minecraft that allows you to easily manage multiple installations of Minecraft at once (Fork of MultiMC)
adoptium
nixpkgs - Nix Packages collection & NixOS