Downloading plugins (Was: Summer of Code Projects)

Gervase Markham gerv at
Wed Feb 28 17:25:11 UTC 2007

Bill Barry wrote:
> I think it is a big project, but:

Do we really want to encourage administrators to download and install 
code on their servers without examining it first? Servers and client 
machines (running Firefox) are fundamentally different here.

I might give some non-malicious admin privileges on Bugzilla, but that 
doesn't mean I want them entering URLs to automatically download and 
install new code. They might do that even if they never considered using 
the admin privileges to find a hole in the Bugzilla code, get a shell etc.

