https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25370
--- Comment #1 from David Cook <[email protected]> ---

I am thinking the whitelist would contain an entry like "Koha::Plugin::Com::ByWaterSolutions::CSV2MARC".

However, another plugin could pretend to be that same one. A malicious plugin could pretend to be a popular plugin and thus defeat the whitelist.

With Bug 24632, that would be far less likely. You could set up your plugin keys so that only Bywater Solutions is trusted, and then only "Koha::Plugin::Com::ByWaterSolutions::CSV2MARC" is allowed on the whitelist.

It is still possible to have collisions if you trust more than one provider and they use the same name, but that is unlikely due to the naming conventions Kyle created from the start. Different vendors should use their company names like "Koha::Plugin::Com::ProsentientSystems::OaiHarvester" (which one day I hope to be a real thing).

Plus, if we did start using vendor/community Github/Gitlab as repositories, we could potentially limit the likelihood of people sourcing plugins from obscure locations.
