Re: Rise of the Plugins

On Fri, 2007-05-18 at 12:54 +0200, Martin Soto wrote:
> > I'm not saying there aren't security implications of plugins, but being 
> > able to run code on login is much easier to do without bothering with them!
> The fact that we already have some security holes to plug doesn't mean
> we should open new ones, though.

If plugins are disabled by default, then the user has to activate a
plugin explicitly.  This is less that optimal from a users point of
view, but it would solve the security issue.

Ross Burton                                 mail: ross burtonini com
                                          jabber: ross burtonini com
 PGP Fingerprint: 1A21 F5B0 D8D0 CFE3 81D4 E25A 2D09 E447 D0B4 33DF

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]