Re: Remove GSAppKitUserBundles

discuss-gnustep

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove GSAppKitUserBundles

From:	Matt Campbell
Subject:	Re: Remove GSAppKitUserBundles
Date:	Wed, 16 Mar 2011 18:55:00 -0500
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

I don't understand why such a bundle-loading mechanism is considered asecurity hole. IMO, the proper response to security concerns is tosandbox untrusted code; of course, that's outside the scope of GNUstep.

More generally, a generic mechanism for loading additional modules atruntime, such as this one, allows developers to extend a platform inways that the platform's creators or maintainers didn't foresee. It'sworth noting that GTK+ has the GTK_MODULES variable for loading extramodules at startup. Back in the GTK 1.x days, that mechanism was usedto develop a prototype screen reader for GTK, before there was a properaccessibility API. More recently, I've seen that the Openmoko projecthas a module called libgtkstylus that's loaded through that samevariable. Anyway, I would strongly discourage removing a simple featurethat increases the extensibility of GNUstep. But maybe I just don'tunderstand the security risk.


Matt

[Prev in Thread]

Current Thread

[Next in Thread]

Remove GSAppKitUserBundles, Fred Kiefer, 2011/03/16
- Re: Remove GSAppKitUserBundles, David Chisnall, 2011/03/16
  - Re: Remove GSAppKitUserBundles, Matt Campbell <=
    - Re: Remove GSAppKitUserBundles, David Chisnall, 2011/03/16
    - Re: Remove GSAppKitUserBundles, Nicola Pero, 2011/03/17
    - Re: Remove GSAppKitUserBundles, Ivan Vučica, 2011/03/17
    - Re: Remove GSAppKitUserBundles, Matt Campbell, 2011/03/17
  - Re: Remove GSAppKitUserBundles, Fred Kiefer, 2011/03/17

Prev by Date: Re: Remove GSAppKitUserBundles
Next by Date: Re: Remove GSAppKitUserBundles
Previous by thread: Re: Remove GSAppKitUserBundles
Next by thread: Re: Remove GSAppKitUserBundles
Index(es):
- Date
- Thread