Whitelist extension (was: Re: [Typo3-typo3org] Comments on themirroring concept)
JoH
info at cybercraft.de
Thu Mar 10 10:41:13 CET 2005
>> You may be right. But still I see much sense for such an extension.
>> If it can't really ensure that nobody finds a way around this, then
>> we can still give recommendations for the people. I think most
>> people would be happy to have a list of extensions which they know
>> that these have been reviewed and are regarded to be secure.
>
> I do not see a technical problem here, but I see a legal problem.
> *If* we
> try to give security by telling people we have done this or that to
> ensure
> that a specific EXT is ok, we than have to do it every time a new
> version
> somes out.
> So better do not start this administrative nightmare. *Plus* if "shit
> happens" by either someone putting in malicious code on purpose or by
> accident *who* than is responsible?
> There are (IMHO) two ways of responsibility)
> a.) The people that judge are. Than this is an ejection seat I would
> not want to sit on.
> b.) The people that program the EXT, but than we just can stop doing
> the work, as on a legal side it does not make a difference.
> But by "approving" (or even find lesser words) we are trying to take
> responsibility, which IMHO could only bring negative side effects, but
> does not bring us many (any?) positive side effects.
I don't see the legal problem, since any extension and TYPO3 itself are
GPLed. GPL states clearly that there is no warranty at all.
So reviewing extensions and giving recommendations is something that still
gives no warranty but a better feeling for the end users.
If you can say: There is a list of extensions that have been checked for
security by professional developers it's something like the label
"Dermatologisch getestet", that doesn't say anything but gives you a better
feeling when putting those chemicals into your face ...
So it is not legally relevant but good for marketing ...
Joey
--
Wenn man keine Ahnung hat: Einfach mal Fresse halten!
(If you have now clues: simply shut your gob sometimes!)
Dieter Nuhr, German comedian
openBC: http://www.openbc.com/go/invuid/Jo_Hasenau
More information about the TYPO3-team-typo3org
mailing list