incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bowser <bows...@gmail.com>
Subject Re: [Android] CB-1062 : Should a plugin be able to get an instance of any plugin via plugin manager?
Date Fri, 14 Sep 2012 21:36:14 GMT
OK, so the guy posted his use case. I think we should ask him for a
patch, since he clearly has implemented it already.

Thoughts?

On Thu, Sep 13, 2012 at 2:15 PM, Joe Bowser <bowserj@gmail.com> wrote:
> I don't know why this is needed, to be honest.  I'll ask in the ticket.
>
> On Thu, Sep 13, 2012 at 12:52 PM, Simon MacDonald
> <simon.macdonald@gmail.com> wrote:
>> That's my question, why do we need this?
>>
>> Simon Mac Donald
>> http://hi.im/simonmacdonald
>>
>>
>> On Thu, Sep 13, 2012 at 3:46 PM, Andrew Grieve <agrieve@chromium.org> wrote:
>>
>>> I don't think there's any such thing as an untrusted plugin when you're
>>> talking about letting it include whatever source it wants in your project.
>>>
>>> I think this request is reasonable, but I'd also be curious to know what
>>> the use-cases are.
>>>
>>>
>>> On Thu, Sep 13, 2012 at 3:15 PM, Joe Bowser <bowserj@gmail.com> wrote:
>>>
>>> > Hey
>>> >
>>> > So, this was a feature request and I can see how it can be useful, but
>>> > I can also see how an untrusted plugin can go and totally screw with
>>> > other plugins.  I know that we basically assume that developers who
>>> > use plugins know what they are doing, but after all the times we broke
>>> > plugins we know that this definitely isn't the case.  So, how do
>>> > people feel about this issue? Should we punt it and say that it's a
>>> > security risk because application devs can't read Java, or do we allow
>>> > it and warn plugin developers.
>>> >
>>> > Any thoughts?
>>> >
>>> > Joe
>>> >
>>>

Mime
View raw message