Hey @3dsynergy, I’ve tried to answer all of your questions here. Let me know if you have any more!
The separation between the package manager and the plug-in manager is intentional. The package manager is just one way to install plug-ins for Rhino and packages can also contain Grasshopper plug-ins and/or Grasshopper user-objects. As time goes on we’ll add more things that can be distributed via packages too.
The relationship with the plug-in manager has been raised in the past. Do you think it would be useful to highlight plug-ins that have been installed by the package manager?
I’ve logged the request for a custom install directory (RH-60023) and I’ll keep an eye out for other similar requests. For now, I think Rolf’s suggestion to use symlinks is a good one. I tested this by opening cmd.exe as an Administrator and running this command…
mklink /d C:\Users\will\AppData\Roaming\McNeel\Rhinoceros\packages\7.0 D:\packages
Make sure to delete the 7.0 directory first. Everything seems to work as expected and packages are now stored on my D:\ drive.
For a bit of background information, the intention with the package manager was to move away from a system where, particularly for Grasshopper plug-ins, you had to physically move files into specific directories in order to “install” them. In my experience of answering Rhino Installer Engine questions the main reason that users want to find the installation location is to uninstall the plug-in. The package manager handles installation, updating and uninstallation.
We settled on the current location under %AppData%\McNeel\Rhinoceros because it works well for those with limited access to their computers due to corporate IT policies. The Rhino Installer Engine has always installed files to this location too.
This is a tough one. Food4Rhino has a policy of manually scanning newly published plug-ins (and other content, I believe) before approving them, but this slows down the publishing process. It’s also very hard to detect malicious intent in a plug-in without the infrastructure that an App Store like Apple has! There’s a long history of sharing plug-ins on forums, particularly for Grasshopper.
I do see that currently it’s impossible to manually download a package without unpacking it and in some cases immediately loading it. The best option right now would be to use the Yak CLI to install the package with Rhino closed, then navigate to the installation directory (the list command will also tell you where this is) and perform your own anti-malware checks. I’ve logged YAK-262 to see if I can make this easier and more discoverable for other users that want to do the same.
One more thing to note on the topic of security is that in order to publish a package to the McNeel package server you must authenticate via Rhino Accounts. This gives us some recourse in the rare case that someone publishes malicious or offensive content.
Currently there’s no link between your Rhino Account (assuming you’re logging into Rhino) and the packages that you install, but it is something that we’re thinking about for the future. We haven’t thought much beyond the ability to synchronise packages across different machines that you’re logged into with the same Rhino Account. If you have ideas then I’m all ears.