https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20415
--- Comment #6 from Tomás Cohen Arazi <[email protected]> --- (In reply to Liz Rea from comment #5) > They don't, that's the point. The reason for the many hoops here was that we > didn't want front end staff uploading un-verified code (none of the plugins > are independently audited, nor do they go through a community QA process) to > the public server filled with personally identifying information without the > IT departments of libraries being aware that it was happening. > > I can imagine a (however unlikely) scenario where someone makes a Really > Awesome Plugin(tm) that provided a function that lots of libraries want, > that does the feature but also sends the entire database to an unscrupulous > 3rd party. With the hoops, we can at least be sure that someone with access > to the server has spoken to the person in the library about their > intentions. Without them, either the sysadmin or the librarian could do this > independently and without speaking to each other. > > Experience tells me that librarians will do almost anything to get out of > talking to the IT department (yes it's a generalisation). This isn't a good > thing in this scenario, we have to think about the potential for theft of > data via the plugin system and do what we can to make sure that the people > tasked with protecting the data (the IT departments, usually) know exactly > what code is running on their publicly facing web servers. The multi factor > turn on for this feature is at the very least, due diligence on our part. We > could warn more, to be honest. > > I hope this helps explain my perspective a bit. > > Cheers, > Liz I agree with Liz. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
