Whitelist extension (was: Re: [Typo3-typo3org] Comments on the mirroring concept)

[Juergen Egeling]

* Michael Stucki <michael at typo3.org> [050310 00:16]:
> > OK,it will be found, but that might take quite some time.
> 
> You may be right. But still I see much sense for such an extension. If it
> can't really ensure that nobody finds a way around this, then we can still
> give recommendations for the people. I think most people would be happy to
> have a list of extensions which they know that these have been reviewed and
> are regarded to be secure.

I do not see a technical problem here, but I see a legal problem. *If* we
try to give security by telling people we have done this or that to ensure
that a specific EXT is ok, we than have to do it every time a new version
somes out.
So better do not start this administrative nightmare. *Plus* if "shit happens"
by either someone putting in malicious code on purpose or by accident *who* than
is responsible?
There are (IMHO) two ways of responsibility)
a.) The people that judge are. Than this is an ejection seat I would not want
to sit on.
b.) The people that program the EXT, but than we just can stop doing the work,
as on a legal side it does not make a difference.
But by "approving" (or even find lesser words) we are trying to take
responsibility, which IMHO could only bring negative side effects, but
does not bring us many (any?) positive side effects.

Juergen
-- 
punkt.de GmbH               Internet-Dienstleistungen-Beratung
Vorholzstr. 25              Tel.: 0721 9109-0  Fax: -100 
76137 Karlsruhe             info at punkt.de    http://punkt.de/