[TYPO3-dev] Removing "enable extension without reviews" checkbox
Steffen Müller
typo3 at t3node.com
Thu Jun 18 09:05:21 CEST 2009
Hi.
On 17.06.2009 22:08 Rupert Germann wrote:
>
> PS: hey folx, while you all wrote this monster thread you could have
> reviewed minimum 10 extensions ;-)
> _that_ is our current problem and not a checkbox!
Come on, that only one half of the problem:
If unknown Mr.X reviews an extension and says "hey, I checked ext XY,
it's save." Would the security-team trust him? I hope not.
Although the other way round, it works. If Mr.X says "Ext XY is unsafe,
I found a bug, here's the exploit..." - the ext could get cross-checked
and blacklisted.
Whitelisting extensions should be done by 4/6 eyes of approved members.
--
cheers,
Steffen
TYPO3 Blog: http://www.t3node.com/
Blubber on Twitter: http://twitter.com/t3node
More information about the TYPO3-dev
mailing list