https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632
--- Comment #16 from David Cook <[email protected]> --- (In reply to Jonathan Druart from comment #15) > You are assuming that an author who is trusted once is trusted for all the > plugins they will write. This assumption is wrong IMO. This assumption is the same as the software package managers on Windows and Linux. I think it's a fair and conventional assumption to make. That being said, I agree with the content of what you're saying, which is why this feature needs to be paired with a whitelist where administrators can define which plugins should be allowed to be installed. That way administrators specify that only X authentic plugins from Y trusted authors can be installed. I'm planning to code the whitelist functionality too, but haven't had the time yet. In lieu of it, I think adding a signature system alone is better than the nothing that we have at the moment. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
