On Fri, 2007-05-18 at 12:54 +0200, Martin Soto wrote:
> > I'm not saying there aren't security implications of plugins, but being
> > able to run code on login is much easier to do without bothering with them!
>
> The fact that we already have some security holes to plug doesn't mean
> we should open new ones, though.
If plugins are disabled by default, then the user has to activate a
plugin explicitly. This is less that optimal from a users point of
view, but it would solve the security issue.
Ross
--
Ross Burton mail: ross burtonini com
jabber: ross burtonini com
www: http://www.burtonini.com./
PGP Fingerprint: 1A21 F5B0 D8D0 CFE3 81D4 E25A 2D09 E447 D0B4 33DF
Attachment:
signature.asc
Description: This is a digitally signed message part