@badger101 That’s a quite common pattern for free and open source nodes. We developers who create such nodes in our spare time with limited resources usually don’t want to spend much money on expensive certificates to sign the nodes. So if you know the source (URL, HTTPS, reliable vendor), you can safely install such nodes.
You might see a warning regarding missing signing/certificates. You can safely ignore this. Most community developers of free and open source products do not sign their products to avoid large costs for acquiring certificates.
The Spellchecker Nodes are developed by @qqilihq who also develops the Palladian Nodes and the Selenium Nodes. So I would consider them safe
Thank you so much for the explanation. Really appreciate it. I was busy these last 2 days creating tools to address my previous concern, which now is not a concern anymore based from what you just wrote.
I’m deciding now whether I should keep these to myself, or to publish them on the hub as an alternative:
Thanks for the great explanation, @danielesser and thanks for rising that question @badger101. Here’s some additional 5 cents about that topic (from the maker of the Spellchecker nodes perspective):
We (NodePit and Selenium Nodes) currently do not sign the jars (no matter if it’s for free or for paid nodes). Signing them gives little objective security benefits but it’s a big hassle on top of the plenty of big hassles one faces in the Eclipse/KNIME development ecosystem (and which we rather invest in building great software).
Why no security benefits? As seen above, most users do not really know what “signing” exactly means. Facts: It will not protect you from bad/malevolent software. There is no external entity involved which “validates”, “authenticates” or “reviews” the “signed” software at all. At the end, the main reason for signing the software would just be about getting rid of that annoying dialog (which is definitely frightening).
So. Should you “trust” the Spellchecker nodes? This question I cannot answer
Should you make your decision based on that unsigned content dialog? I think no.
By the way: For any questions about these nodes, don’t hesitate to get in touch!
@qqilihq Update: I just downloaded and tested your node. It worked remarkably well! Will definitely keep it as my permanent collection to use when it matters
Here’s my solution.
I tried a few of the purpose build nodes, however I wasn’t pleased with the result. The most accurate that I got, was using a simple contains().
I’ve build a sort of scoring matrix to decide to which “category” the Finding fits better. I’ve done this by using the String Similarity Node from NodePit.
Interesting to learn new about the similarity search node, although, I used it before for a different algorithm. Thanks for the challenge. Nevertheless, 5 nodes.
Thank you so much for the explanation. Really appreciate it. I was busy these last 2 days creating tools to address my previous concern, which now is not a concern anymore based from what you just wrote.
