This has been echoed by many other feedback requests such as:
Given that these have gone fairly inactive, I've opted to revive it as well as providing my own insight.
This proposes dividing the permission into three distinct ones that are more specific:
- Delete Messages
- Pin Messages
- Remove Reactions
To sum the motivations of these other requests, this would allow servers to grant these isolate permissions without the inclusion of the other two. The ability to pin wouldn't grant the ability to delete, etc.
However, from a bot developer perspective, having these isolated would limit permission needs - bringing peace of mind to the users and developers. Currently, my bot needs the "Manage Messages" permission as it is the only way that the bot can remove reactions in a pagination system. It frankly does not need to be able to delete or pin messages, and in the event of any similar bot compromise, the damage vector becomes much more smaller. In the less than 0.1% that my bot would ever be compromised (since there's always a risk), the worst my bot could do is delete messages - which is something that is still beyond comfort for us developers. We want to maximize security and privacy as much as we can.
We hope that this is deeply considered.
Executive Director, Kerygma Digital
srp [at] kerygma [dot] digital
Please sign in to leave a comment.