On Fri, 2007-05-18 at 12:54 +0200, Martin Soto wrote: > > I'm not saying there aren't security implications of plugins, but being > > able to run code on login is much easier to do without bothering with them! > > The fact that we already have some security holes to plug doesn't mean > we should open new ones, though. If plugins are disabled by default, then the user has to activate a plugin explicitly. This is less that optimal from a users point of view, but it would solve the security issue. Ross -- Ross Burton mail: ross burtonini com jabber: ross burtonini com www: http://www.burtonini.com./ PGP Fingerprint: 1A21 F5B0 D8D0 CFE3 81D4 E25A 2D09 E447 D0B4 33DF
Attachment:
signature.asc
Description: This is a digitally signed message part