Re: Extensions manager ideas
- From: Ricardo Veguilla <veguilla hpcf upr edu>
- To: "Marcelo E. Magallon" <mmagallo debian org>
- Cc: epiphany-list gnome org
- Subject: Re: Extensions manager ideas
- Date: Tue, 07 Sep 2004 01:17:28 -0400
Marcelo E. Magallon wrote:
On Mon, Sep 06, 2004 at 02:33:10AM -0400, Ricardo Veguilla wrote:
> I think it will be a good idea to define a epiphany-extension
> mime-type (or just a specific file extension, perhaps .epy-ext) so
> the user could install the epiphany-extension by clicking a link from
> a web page or by clicking the downloaded file in the file-manager.
> Drag and drop should be an option too.
Uhm.
Yep, I forgot the disclaimer: "all of this is assuming we want the user
to be able to install an extension".
Unlike Firefox'es, epiphany's extensions aren't run in a sandbox[0],
are they? And they aren't Javascript, they are full blown binary code,
with access to the dynamic loader and whatnot.
The first problem with that is binary compatibility among... well among
a whole load of stuff: different Linux architectures, different OSes,
different Linux distributions for the same architecture, ...
The issue about binary incompatibility is exactly the same as for any
binary program. I'm guessing that people will make their extensions
available for the different distributions/arch/etc.
IMO, the issue, from the browser point of view, is how to minimize the
problem. Can we check if the extension is compatible?
The second is more serious: security. This screams Outlookish
nightmare.
In terms if security, I certainly agree that installing a "full blown
binary" extension is a potential security risk, but then again, so is
any rpm downloaded from the web.
<>
*Please* make installing extensions a very concious decision and
provide a highly visible way of *not* allowing them (a "Enable
Extensions", default "no", right under "Enable Javascript" would be a
start).
Agreed.
--
Ricardo Veguilla
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]