On Wed, Apr 9, 2014 at 4:43 PM, Tobias Jakobs wrote: >> It's a wee bit more complicated. Think of e.g. security concerns. >> Sure, you can sit down and analyze the code of every submitted plugin, >> but this solution is not scalable, and a scalable solution (as in >> "automated check for exploits") is likely to be expensive. > > But this is not a new problem. If you at the moment download anything from > the registry and install it, it could destroy your system. Exactly. You need to 1) go, 2) find, 3) download, 4) find out, how to install, 5) install. Whereas the proposed system suggests taking away steps 1), 3) and 4). The expected effect of that will be a huge increase of deployed extensions and, as a consequence, an increased interest to GIMP from people who write exploits. My concern is how this interest can realistically be handled, because we shall be paying for a better technology with an increased reputation risk. > This should not stop us from improving it. I wasn't even implying that. Alexandre _______________________________________________ gimp-developer-list mailing list List address: gimp-developer-list@xxxxxxxxx List membership: https://mail.gnome.org/mailman/listinfo/gimp-developer-list List archives: https://mail.gnome.org/archives/gimp-developer-list
