On May 18, 2009, at 11:18 AM, till wrote:
I'm working on a plugin repository.
I think this is a great idea, but I see a concern.
Maybe I am a suspicious, paranoid person, but would there be any
procedure or process to make sure plug-ins don't contain malicious
code ?
I'm not suggesting that any of the current plug-ins contain malware,
or that any developers on this list have nefarious purposes.
I haven't examined all of the code in RoundCube myself, so there is a
level of trust between users and developers.
For some reason I see a potential security hazard downloading random
plug-ins and sticking them into the guts of RoundCube.
Something to think about I guess, even if the end result is " That
dude is stupid crazy ! "