Downloading plugins (Was: Summer of Code Projects)
Gervase Markham
gerv at mozilla.org
Fri Mar 2 14:57:23 UTC 2007
Bill Barry wrote:
> We can't make certain that the code is not malicious (not perl anyways),
> but we certainly can make sure it conforms to coding standards
> associated with bugzilla (taint, warnings, passes included test suite,
> uses dbi, ...) .
We can - but what does it buy us? We're just doing free QA for their
project.
And we can't exactly tell admins "don't install this - it doesn't have a
2-space indent".
> We can also make sure each plugin has contribution
> history to tell who did what (cvs blame and logs) to help deter people
> from intentionally writing malicious code.
"Don't install this - it doesn't have a public source repository"?
>> b) This sort of close coupling basically makes the plugins a part of
>> Bugzilla anyway.
>>
> Is that a problem? I think it would help getting contributers to
> Bugzilla itself.
It's a problem because it defeats the entire point of plugins. The point
of plugins is that someone else does all the work, and we don't have to
worry about it too much. So people can extend Bugzilla in the directions
they like without taking core development team resources.
Gerv
More information about the developers
mailing list