Downloading plugins (Was: Summer of Code Projects)

Christopher Hicks chicks at
Fri Mar 2 09:49:52 UTC 2007

On Thu, Mar 01, 2007 at 02:19:34PM +0000, Gervase Markham wrote:
> Bill Barry wrote:
> >I would suggest each plugin passes a whole bunch of "safety" tests (to 
> >be determined some time in the future) and would then need to be signed 
> >by official reviewers (note). 
> This has big problems. a) Analysing code to make sure it's not malicious 
> is really hard, and a lot of work even if you can't do it perfectly. b) 
> This sort of close coupling basically makes the plugins a part of 
> Bugzilla anyway.

Are we planning on having the plugins running inside Safe compartments?  It might provide better isolation as well as a choke point for the security folks to fondle.


The whole problem with the world is that fools and fanatics are always so
certain of themselves, and wiser people so full of doubts.
            - Bertrand Russell, philosopher, mathematician, author,
              Nobel laureate (1872-1970)
