Title: Make bundled binaries optional Last modified: August 30, 2016 --- # Make bundled binaries optional * [Daniel15](https://wordpress.org/support/users/daniel15/) * (@daniel15) * [10 years, 11 months ago](https://wordpress.org/support/topic/make-bundled-binaries-optional/) * This plugin seems pretty good, but it feels pretty unsafe to bundle binaries with it. How do I know that I can trust your binaries and that they’re not trojans? I can delete the binaries and get known good copies by compiling them myself or through my operating system’s package manager, but they’ll just come back when the plugin is updated. I (and many others) would prefer if the plugin didn’t come with any binaries at all, and they were available as an optional download. * [https://wordpress.org/plugins/ewww-image-optimizer/](https://wordpress.org/plugins/ewww-image-optimizer/) Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [nosilver4u](https://wordpress.org/support/users/nosilver4u/) * (@nosilver4u) * [10 years, 11 months ago](https://wordpress.org/support/topic/make-bundled-binaries-optional/#post-6220639) * And many more than you don’t even know what a binary IS, let alone how to compile it. There is an option on the advanced tab that explicitly lets you disable the bundled binaries and use the ones you’ve installed on the system. And how do you know you can trust them? Because 100,000+ other people do. * Thread Starter [Daniel15](https://wordpress.org/support/users/daniel15/) * (@daniel15) * [10 years, 11 months ago](https://wordpress.org/support/topic/make-bundled-binaries-optional/#post-6220773) * The thing is that I installed all the dependencies myself, and don’t even want the bundled third-party binaries on my system. They’re just extra risk. Number of users is not a good measure of trust (see [Hoverzoom](http://www.reddit.com/r/technology/comments/19nzge/hoverzoom_extension_confirmed_as_spyware_sends/), [Hola](http://www.theverge.com/2015/5/29/8685251/hola-vpn-botnet-selling-users-bandwidth)). The bundled binaries are not verifiable; there’s no way to tell if someone has uploaded a plugin update containing malicious versions of the binaries. * What if you made it an optional step after installation? “The required binaries were not detected on your system, click here to automatically install them”. Users that don’t know how to compile them could use the automated version. * Plugin Author [nosilver4u](https://wordpress.org/support/users/nosilver4u/) * (@nosilver4u) * [10 years, 11 months ago](https://wordpress.org/support/topic/make-bundled-binaries-optional/#post-6220782) * The recommendation from the WP plugins team was that they should be included with the plugin, and I have no plans to change that, sorry. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Make bundled binaries optional’ is closed to new replies. * ![](https://ps.w.org/ewww-image-optimizer/assets/icon-256x256.png?rev=1582276) * [EWWW Image Optimizer](https://wordpress.org/plugins/ewww-image-optimizer/) * [Frequently Asked Questions](https://wordpress.org/plugins/ewww-image-optimizer/#faq) * [Support Threads](https://wordpress.org/support/plugin/ewww-image-optimizer/) * [Active Topics](https://wordpress.org/support/plugin/ewww-image-optimizer/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ewww-image-optimizer/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ewww-image-optimizer/reviews/) * 3 replies * 2 participants * Last reply from: [nosilver4u](https://wordpress.org/support/users/nosilver4u/) * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/make-bundled-binaries-optional/#post-6220782) * Status: not a support question