Do

Are there plans for secure/approved plugin distribution?

Asked by Asa Ayers

I love using Gnome-do but I’m concerned about its method of plugins. What stops someone from building a gnome-do virus plugin and posting it in the wiki under plugins? I think gnome-do needs to have a method for downloading new plugins where I know that if I download a plugin I can know that its open source and has been reviewed. I've noticed that http://do.davebsd.com/plugins/ doesn't have any source for the plugins. Are they all open source? have they all been written as part of gnome-do or are some of them 3rd party plugins?

-Asa

Question information

Language:
English Edit question
Status:
Solved
For:
Do Edit question
Assignee:
No assignee Edit question
Solved by:
Richard Harding
Solved:
Last query:
Last reply:
Revision history for this message
Best Richard Harding (rharding) said : 		#1

There is an official branch of code called do-plugins. It's the official plugins. As people build 3rd party plugins and they're tested and stabilized they're asked to merge their plugins into that branch.

You can view the code for the currently included plugins here:
http://bazaar.launchpad.net/~do-plugins/do/do-plugins/files

Each plugin is a directory in there.

As for preventing a user from posting a plugin that does something malicious, there really isn't anything in the end to handle this. It's much like someone posting a firefox plugin that might do something malicious. One day it would be great to have some master plugin repository, but the project is very young for something so large at this point.

If you have some specific plans perhaps you can put together a blueprint that can be used as a potential project for Google's Summer of Code.

Revision history for this message
Mathieu Cadet (thelama) said : 		#2

When the mono.addins branch will be ready, it will be possible to search and download plugins from the 'official' repository directly from within GNOME Do.
I don't know if we can somewhat secure (sign) the official plugins (like we can do with FF extensions) and warn the user when he's installing a plugin from an untrusted source.

Revision history for this message
Asa Ayers (asa-ayers) said : 		#3

Thanks Richard Harding, that solved my question.