On Mon, May 18, 2009 at 8:53 PM, chasd chasd@silveroaks.com wrote:
> On May 18, 2009, at 11:18 AM, till wrote:
>> I'm working on a plugin repository.
>
> I think this is a great idea, but I see a concern. Maybe I am a suspicious, paranoid person, but would there be any procedure or process to make sure plug-ins don't contain malicious code?
> I'm not suggesting that any of the current plug-ins contain malware, or that any developers on this list have nefarious purposes.
> I haven't examined all of the code in RoundCube myself, so there is a level of trust between users and developers.
> For some reason I see a potential security hazard downloading random plug-ins and sticking them into the guts of RoundCube.
> Something to think about I guess, even if the end result is "That dude is stupid crazy!"

No, I totally get your concern. We talked about that part and we do plan to evaluate plugins before we host them. We don't want to end up with 10000 plugins where only a handful work and 2/3 of them pose a risk to your system.
I don't know yet how much we can do automatically, etc. I haven't looked into it. And most 'scanners' I have tried provided mediocre results.
Till

_______________________________________________
List info: http://lists.roundcube.net/dev/