[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon May 4 01:12:44 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632

--- Comment #16 from David Cook <dcook at prosentient.com.au> ---
(In reply to Jonathan Druart from comment #15)
> You are assuming that an author who is trusted once is trusted for all the
> plugins they will write. This assumption is wrong IMO.

This assumption is the same as the software package managers on Windows and
Linux. I think it's a fair and conventional assumption to make.

That being said, I agree with the content of what you're saying, which is why
this feature needs to be paired with a whitelist where administrators can
define which plugins should be allowed to be installed.

That way administrators specify that only X authentic plugins from Y trusted
authors can be installed.

I'm planning to code the whitelist functionality too, but haven't had the time
yet. In lieu of it, I think adding a signature system alone is better than the
nothing that we have at the moment.
