incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Maj <...@adobe.com>
Subject Re: [Android] CB-1062 : Should a plugin be able to get an instance of any plugin via plugin manager?
Date Mon, 17 Sep 2012 17:44:51 GMT
Late to the party but I think this is a reasonable request.

On 9/14/12 3:41 PM, "Simon MacDonald" <simon.macdonald@gmail.com> wrote:

>The more the merrier.
>
>Simon Mac Donald
>http://hi.im/simonmacdonald
>
>
>On Fri, Sep 14, 2012 at 5:36 PM, Joe Bowser <bowserj@gmail.com> wrote:
>
>> OK, so the guy posted his use case. I think we should ask him for a
>> patch, since he clearly has implemented it already.
>>
>> Thoughts?
>>
>> On Thu, Sep 13, 2012 at 2:15 PM, Joe Bowser <bowserj@gmail.com> wrote:
>> > I don't know why this is needed, to be honest.  I'll ask in the
>>ticket.
>> >
>> > On Thu, Sep 13, 2012 at 12:52 PM, Simon MacDonald
>> > <simon.macdonald@gmail.com> wrote:
>> >> That's my question, why do we need this?
>> >>
>> >> Simon Mac Donald
>> >> http://hi.im/simonmacdonald
>> >>
>> >>
>> >> On Thu, Sep 13, 2012 at 3:46 PM, Andrew Grieve <agrieve@chromium.org>
>> wrote:
>> >>
>> >>> I don't think there's any such thing as an untrusted plugin when
>>you're
>> >>> talking about letting it include whatever source it wants in your
>> project.
>> >>>
>> >>> I think this request is reasonable, but I'd also be curious to know
>> what
>> >>> the use-cases are.
>> >>>
>> >>>
>> >>> On Thu, Sep 13, 2012 at 3:15 PM, Joe Bowser <bowserj@gmail.com>
>>wrote:
>> >>>
>> >>> > Hey
>> >>> >
>> >>> > So, this was a feature request and I can see how it can be useful,
>> but
>> >>> > I can also see how an untrusted plugin can go and totally screw
>>with
>> >>> > other plugins.  I know that we basically assume that developers
>>who
>> >>> > use plugins know what they are doing, but after all the times we
>> broke
>> >>> > plugins we know that this definitely isn't the case.  So, how do
>> >>> > people feel about this issue? Should we punt it and say that it's
>>a
>> >>> > security risk because application devs can't read Java, or do we
>> allow
>> >>> > it and warn plugin developers.
>> >>> >
>> >>> > Any thoughts?
>> >>> >
>> >>> > Joe
>> >>> >
>> >>>
>>


Mime
View raw message