https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20340 --- Comment #49 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- (In reply to David Cook from comment #41)
Anyone else think that it's a terrible idea to have authentication plugins that non-technical staff can load into Koha? Sounds like a massive security problem waiting to happen.
This is a manageable risk. I believe we should end up with a repository of signed and trusted plugins as per Alex's response (comment #48) and have a granular set of permissions on the server as to what types of plugins may be installed via the client. I've been wanting to work towards this for some time, along with adding translations to plugins and generally enhancing the system as a whole.. but these things all need sponsorship, time and money. (In reply to David Cook from comment #43)
I think we should ask ourselves what we're trying to achieve here. Are we adding authentication plugins via the Staff UI, because it's too difficult to get changes into Koha, especially around authentication?
Koha is a well established and highly reliable system these days, relied upon by countless libraries. I am a firm believer in our quality assurance policies and the both the commit logs and release notes serve to prove that the software is still moving forward rapidly with enhancements and new features continually being integrated. Yes, we could always do with more hands/eyes on the code and people supporting each other by offering SO and QA time. That is something I intend to work on if I am elected to be RM over the next two cycles, but I think it's very unfair to suggest one has to have extensive influence/power to get code into the community. I believe we are a very supportive and friendly community in 99% of cases and I would certainly support anyone's efforts to get code in.. sometimes it is hard to pick which bugs to focus on and I'm always open to suggestions via any means (email, irc, bugzilla priorities) Finally, I concur with Chris, thankyou very much for taking the time to both look at this and submit followup code Axel. I will take a look at it all at my earliest convenience and attempt to help get things moving again. -- You are receiving this mail because: You are watching all bug changes.