Downloading plugins (Was: Summer of Code Projects)

David Miller justdave at
Thu Mar 1 12:53:45 UTC 2007

Gervase Markham wrote on 2/28/07 12:25 PM:
> Bill Barry wrote:
>> I think it is a big project, but:
> Do we really want to encourage administrators to download and install
> code on their servers without examining it first? Servers and client
> machines (running Firefox) are fundamentally different here.
> I might give some non-malicious admin privileges on Bugzilla, but that
> doesn't mean I want them entering URLs to automatically download and
> install new code. They might do that even if they never considered using
> the admin privileges to find a hole in the Bugzilla code, get a shell etc.

I think the way wordpress does it works just fine, and would be a fine
system to emulate.

You still have to have shell (or ftp) access on the server to install a
plugin.  Once it's installed, you can enable or disable it from the web
UI (and it's disabled by default at install time).

Dave Miller                         
System Administrator, Mozilla Corporation
Project Leader, Bugzilla Bug Tracking System

More information about the developers mailing list