incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Grieve <agri...@chromium.org>
Subject Re: [Android] CB-1062 : Should a plugin be able to get an instance of any plugin via plugin manager?
Date Thu, 13 Sep 2012 19:46:52 GMT
I don't think there's any such thing as an untrusted plugin when you're
talking about letting it include whatever source it wants in your project.

I think this request is reasonable, but I'd also be curious to know what
the use-cases are.


On Thu, Sep 13, 2012 at 3:15 PM, Joe Bowser <bowserj@gmail.com> wrote:

> Hey
>
> So, this was a feature request and I can see how it can be useful, but
> I can also see how an untrusted plugin can go and totally screw with
> other plugins.  I know that we basically assume that developers who
> use plugins know what they are doing, but after all the times we broke
> plugins we know that this definitely isn't the case.  So, how do
> people feel about this issue? Should we punt it and say that it's a
> security risk because application devs can't read Java, or do we allow
> it and warn plugin developers.
>
> Any thoughts?
>
> Joe
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message