Downloading plugins (Was: Summer of Code Projects)
David Miller
justdave at bugzilla.org
Thu Mar 1 12:53:45 UTC 2007
Gervase Markham wrote on 2/28/07 12:25 PM:
> Bill Barry wrote:
>> I think it is a big project, but:
>> https://bugzilla.mozilla.org/show_bug.cgi?id=371333
>
> Do we really want to encourage administrators to download and install
> code on their servers without examining it first? Servers and client
> machines (running Firefox) are fundamentally different here.
>
> I might give some non-malicious admin privileges on Bugzilla, but that
> doesn't mean I want them entering URLs to automatically download and
> install new code. They might do that even if they never considered using
> the admin privileges to find a hole in the Bugzilla code, get a shell etc.
I think the way wordpress does it works just fine, and would be a fine
system to emulate.
You still have to have shell (or ftp) access on the server to install a
plugin. Once it's installed, you can enable or disable it from the web
UI (and it's disabled by default at install time).
--
Dave Miller http://www.justdave.net/
System Administrator, Mozilla Corporation http://www.mozilla.com/
Project Leader, Bugzilla Bug Tracking System http://www.bugzilla.org/
More information about the developers
mailing list