Laurent Godard wrote: > Hi joerg > >> >> For the web install, see Mathias' answer. If we support that and make it >> easy for anyone to upload their macros to an 'official' repository the >> security risk is really high. > > I agree (hum almost as i strongly would like a repository :) ), there > should be an audit of every macro/addon that is submitted by a kind of > comittee > > But in fact, regarding security, what is the difference with an addon > the user would download elsewhere ?
The difference is that the user has downloaded it by himself and not through OOo directly - that can make a *big* difference both in legal consequences and in the effect it has to the outside world. > The key is perharps "signing" ? > Some kind of levels on this repository > - unverified (use it at your own risk) <-- entry point > - testing > - certified IMHO Add-On security should be set up like macro security, that is a mixture of signing and the definition of "secure" sites. Best regards, Mathias -- Mathias Bauer - OpenOffice.org Application Framework Project Lead Please reply to the list only, [EMAIL PROTECTED] is a spam sink. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
