Downloading plugins (Was: Summer of Code Projects)

[Bill Barry]

Gervase Markham wrote:
> Bill Barry wrote:
>> I think it is a big project, but:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=371333
>
> Do we really want to encourage administrators to download and install 
> code on their servers without examining it first? Servers and client 
> machines (running Firefox) are fundamentally different here.
>
> I might give some non-malicious admin privileges on Bugzilla, but that 
> doesn't mean I want them entering URLs to automatically download and 
> install new code. They might do that even if they never considered 
> using the admin privileges to find a hole in the Bugzilla code, get a 
> shell etc. 
I don't think anyone wants that. The plugin system for bugzilla would 
need to be different than the systems for any of the MoCo software.

I would suggest each plugin passes a whole bunch of "safety" tests (to 
be determined some time in the future) and would then need to be signed 
by official reviewers (note). The system would only allow plugins to be 
installed that are in the official repository or which are installed 
from a command line via some perl script that accepts a URL. That way 
admins can install official plugins through the interface and plugin 
developers can install theirs through the command line. The command line 
interface would only be documented in the developers guide and there 
would be some sort of advisory that this is not the recommended way to 
install plugins.


note:

We don't want plugin developers to be too far off base with the core 
developers of bugzilla anyways; good communication between them is a 
must. So having official code review and security testing would be a 
good thing no matter how much it slows everything down.