Re: Deskbar Applet, NewStuffManager, 2.16, Installing New Plug-Ins, AutoUpdate, etc.

["Isak Savo" <isak savo gmail com>]

2006/8/1, Vincent Untz <vuntz gnome org>:
> Hi,
>
> Le mardi 01 août 2006, à 11:42, Nigel Tao a écrit :
> > > > You mean running untrusted code from the Web?
>
> > > Nigel said it would be possible to secure it a bit using GPG keys.
> > > Maybe this kind of signing should be made a requirement.
> >
> > Well, should signing be necessary and/or sufficient, and who makes
> > that decision?
>
> Here's my opinion:
[...]
>  + I wouldn't want to see this active until we have a proper way to make
>    this "secure".
>
> I'm no expert in security, so I can't help that much. Would waiting for
> the 2.18 release cycle be an issue for desbkar? It could leave us time
> to properly handle the security/trust issue and to make other modules
> use this.

If I get this right, the NewStuffManager thingly is just an easier way
to download and install plugins ("new stuff"), right?

As such, I don't really see why this thing would be impose any
security issues that didn't exist earlier. Lots of applications
already have a plug-in system, and to my knowledge, they also allow
extra plugins to be installed in $HOME (i.e. without root access). The
only thing that's changed is that it's suddenly possible to install
them without manually downloading and copying files to hidden
directories.

If plugins are a security issue, then don't provide a plugin
architecture. Don't rely on the fact that it's hard to install plugins
as a way to ensure the user's system is secure[1]. Things like social
engineering will breach that wall sooner or later anyway...

Thanks,
Isak

[1] http://en.wikipedia.org/wiki/Security_through_obscurity