Downloading plugins (Was: Summer of Code Projects)

Gervase Markham gerv at
Thu Mar 1 14:19:34 UTC 2007

Bill Barry wrote:
> I would suggest each plugin passes a whole bunch of "safety" tests (to 
> be determined some time in the future) and would then need to be signed 
> by official reviewers (note). 

This has big problems. a) Analysing code to make sure it's not malicious 
is really hard, and a lot of work even if you can't do it perfectly. b) 
This sort of close coupling basically makes the plugins a part of 
Bugzilla anyway.

What's the massive advantage of a text box saying "install the plugin at 
this URL", as opposed to "$ install-bz-plugin http://www.some.url" which 
means that we have to do masses of extra work to permit it?


More information about the developers mailing list