Downloading plugins (Was: Summer of Code Projects)
Gervase Markham
gerv at mozilla.org
Thu Mar 1 14:19:34 UTC 2007

Bill Barry wrote:
> I would suggest each plugin passes a whole bunch of "safety" tests (to
> be determined some time in the future) and would then need to be signed
> by official reviewers (note).

This has big problems. a) Analysing code to make sure it's not malicious
is really hard, and a lot of work even if you can't do it perfectly. b)
This sort of close coupling basically makes the plugins a part of
Bugzilla anyway.

What's the massive advantage of a text box saying "install the plugin at
this URL", as opposed to "$ install-bz-plugin http://www.some.url" which
means that we have to do masses of extra work to permit it?

Gerv