Downloading plugins (Was: Summer of Code Projects)
Christopher Hicks
chicks at chicks.net
Fri Mar 2 09:49:52 UTC 2007
On Thu, Mar 01, 2007 at 02:19:34PM +0000, Gervase Markham wrote:
> Bill Barry wrote:
> >I would suggest each plugin passes a whole bunch of "safety" tests (to
> >be determined some time in the future) and would then need to be signed
> >by official reviewers (note).
>
> This has big problems. a) Analysing code to make sure it's not malicious
> is really hard, and a lot of work even if you can't do it perfectly. b)
> This sort of close coupling basically makes the plugins a part of
> Bugzilla anyway.
Are we planning on having the plugins running inside Safe compartments? It might provide better isolation as well as a choke point for the security folks to fondle.
--
</chris>
The whole problem with the world is that fools and fanatics are always so
certain of themselves, and wiser people so full of doubts.
- Bertrand Russell, philosopher, mathematician, author,
Nobel laureate (1872-1970)