Re: (in)SECURITY: mozilla-bonobo



On Wed, 2003-12-03 at 15:30, Fabio Gomes wrote:

> 	2. Create a "safe for web" flag that bonobo components must set if they
> are intended to be used as web components

This makes a lot of sense.  Especially, of course, if it's off by
default.  Only components absolutely intended for use on the web should
be used here.

Additionally, if bonobo components can be told, 'this is untrusted data'
(does gnome-vfs do this?  will that work with mozilla-bonobo?), then
they can intelligently disable certain features they may know are unsafe
(dangerous functions available to document macros, for example).

> 
> 	Please, let's not make the same mistakes that Micros~1 did. Let's learn
> from others' mistakes.
> 
> 	Time to flame me.
> 
> 	Also, time to think again about the creation of a gnome-security
> mailing list.

That sounds like a most excellent idea.  Although real security policies
are needed; we don't want big exploits posted to a public list before
the GNOME community, and distros, have time to apply patches for
users.

> 
> 	Thanks for your attention.
-- 
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.



