Issue #4916 has been updated by Jacob Helwig.

Status changed from Rejected to Accepted

Nigel Kersten wrote:
> I'd actually forgotten I'd filed this a while ago before I joined Puppet Labs.
>
> We're reversing position on this one given we'd like to be able to pluginsync
> more and more of the code base.
>
> I'm going to reject it.

This shouldn't interfere with the plan to pluginsync more and more types and providers, and probably becomes more important to be careful about what things plugins can override as we increase the frequency with which pluginsync is used to deliver things.

It's also something that we were planning on tackling in the near future on the Open Source Team.

Re-opening this, since it's relatively high on our current backlog, and we still feel that it's something that should be done as part of the larger plan of cleaning up the autoloader behavior in Puppet.

----------------------------------------
Bug #4916: Plugins should not be able to override core functionality.
https://projects.puppetlabs.com/issues/4916

Author: Nigel Kersten
Status: Accepted
Priority: Normal
Assignee:
Category: plug-ins
Target version: Telly
Affected Puppet version:
Keywords:
Branch:

If you take core functionality like a provider, say puppet/providers/package/apt.rb and copy it to a module libdir, and then have pluginsync on... then anyone consuming that modulepath, regardless of whether they consume this particular module, will have this plugin override the core functionality.

I think this is a problem. It really doesn't seem like a good idea from a security point of view for plugins to be able to override an equivalent core library.

I understand that some people find this useful for patching functionality with providers. This doesn't make it right. They should instead be inheriting from the desired provider and specifying the provider they want.
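An audit for the condition described in the bug, added here as an example and not taken from the ticket or from Puppet's code: it lists module plugin files whose path under lib/ matches a file in the core library, which are the files that would take the place of core code once synced. The function name, the <module>/lib/ layout and the directory tree in demo are assumptions constructed for the example.

```ruby
require 'tmpdir'
require 'fileutils'
require 'pathname'

# Hypothetical helper: return every module plugin file whose path relative
# to the module's lib/ directory also exists under core_lib. Those are the
# files that would shadow the core copy if plugin directories are searched
# ahead of core when the file is loaded.
def shadowing_plugins(core_lib, modulepath)
  core = Pathname.new(core_lib)
  base = Pathname.new(modulepath)
  hits = Dir.glob(File.join(modulepath, '*', 'lib', '**', '*.rb')).sort.map do |file|
    # "<module>/lib/<relative path>" -> module name and load-path-relative file
    mod_name, rel = Pathname.new(file).relative_path_from(base).to_s.split('/lib/', 2)
    { module: mod_name, file: rel } if core.join(rel).file?
  end
  hits.compact
end

# Constructed sample tree: one module copies a core provider under the same
# path, another ships a provider under a new name (no collision).
def demo
  Dir.mktmpdir do |root|
    core = File.join(root, 'core_lib')
    mods = File.join(root, 'modules')
    [
      File.join(core, 'puppet/providers/package/apt.rb'),
      File.join(mods, 'apt_patch/lib/puppet/providers/package/apt.rb'),
      File.join(mods, 'mytools/lib/puppet/providers/package/myapt.rb')
    ].each do |f|
      FileUtils.mkdir_p(File.dirname(f))
      File.write(f, "# constructed sample file\n")
    end
    shadowing_plugins(core, mods)
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Run against a real modulepath, any hit is a file to review before pluginsync distributes it to every agent consuming that modulepath.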
