Once upon a time, Adam Williamson <adamw...@fedoraproject.org> said: > Well, practically speaking we do have to have *some* degree of trust in > our suppliers for apps as large and complex as a web browser or, say, > an office app.
True, but I do think there's a difference between trusting code we get and trusting that they will properly secure/won't abuse an additional install channel. > I dunno about 'silently', but there are certainly other cases of this, > yes. GNOME Software can install GNOME Shell extensions (which are code, > and can do anything with the privileges of the user account running the > shell) from a non-Fedora source (extensions.gnome.org), for instance. So, I guess it is in policy somewhere, but... what's the difference between that and Fedora having RPMs that install yum repo files for other repositories? -- Chris Adams <li...@cmadams.net> _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org