Downloading plugins (Was: Summer of Code Projects)
Gervase Markham
gerv at mozilla.org
Wed Feb 28 17:25:11 UTC 2007
Bill Barry wrote:
> I think it is a big project, but:
> https://bugzilla.mozilla.org/show_bug.cgi?id=371333
Do we really want to encourage administrators to download and install
code on their servers without examining it first? Servers and client
machines (running Firefox) are fundamentally different here.
I might give some non-malicious admin privileges on Bugzilla, but that
doesn't mean I want them entering URLs to automatically download and
install new code. They might do that even if they never considered using
the admin privileges to find a hole in the Bugzilla code, get a shell etc.
Gerv
More information about the developers
mailing list