Re: [Gimp-developer] Fwd: Gimp Registry Future

On Wed, Apr 9, 2014 at 4:43 PM, Tobias Jakobs wrote:

It's a wee bit more complicated. Think of e.g. security concerns.
Sure, you can sit down and analyze the code of every submitted plugin,
but this solution is not scalable, and a scalable solution (as in
"automated check for exploits") is likely to be expensive.

But this is not a new problem. If you at the moment download anything from
the registry and install it, it could destroy your system.

Exactly. You need to 1) go, 2) find, 3) download, 4) find out, how to
install, 5) install.

Whereas the proposed system suggests taking away steps 1), 3) and 4).

The expected effect of that will be a huge increase of deployed
extensions and, as a consequence, an increased interest to GIMP from
people who write exploits. My concern is how this interest can
realistically be handled, because we shall be paying for a better
technology with an increased reputation risk.

This should not stop us from improving it.

I wasn't even implying that.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]