Downloading plugins (Was: Summer of Code Projects)
after.fallout at gmail.com
Wed Feb 28 18:51:31 UTC 2007
Gervase Markham wrote:
> Bill Barry wrote:
>> I think it is a big project, but:
> Do we really want to encourage administrators to download and install
> code on their servers without examining it first? Servers and client
> machines (running Firefox) are fundamentally different here.
> I might give some non-malicious admin privileges on Bugzilla, but that
> doesn't mean I want them entering URLs to automatically download and
> install new code. They might do that even if they never considered
> using the admin privileges to find a hole in the Bugzilla code, get a
> shell etc.
I don't think anyone wants that. The plugin system for bugzilla would
need to be different than the systems for any of the MoCo software.
I would suggest each plugin passes a whole bunch of "safety" tests (to
be determined some time in the future) and would then need to be signed
by official reviewers (note). The system would only allow plugins to be
installed that are in the official repository or which are installed
from a command line via some perl script that accepts a URL. That way
admins can install official plugins through the interface and plugin
developers can install theirs through the command line. The command line
interface would only be documented in the developers guide and there
would be some sort of advisory that this is not the recommended way to
We don't want plugin developers to be too far off base with the core
developers of bugzilla anyways; good communication between them is a
must. So having official code review and security testing would be a
good thing no matter how much it slows everything down.
More information about the developers