[sugar] Re: [OLPC Security] Security for plugins

Serguei Makarov SMakarov
Tue Mar 20 00:16:51 EDT 2007

           It's more that there should be an "official" way of
doing plugins, and that the Bitfrost people should look at it when it
comes around, which might not happen until later. But it's important not
only to look at things from a security perspective but from a technical
and usability perspective:
           * Activities don't need a restart to handle plugins..
           * Installation should be handled on a click on web link then
run basis, just like with .xo packages..
           * Minimal package management: the only thing the operating
system should do is to look at downloaded ".plugin" packages and
see which activity they apply to.
          You know, the basics..

<meaningless tangent>
          The fact is that lots of things in Sugar have not been specified
yet with regards to how they should work (large activity suites like
TamTam where you switch between several activities and stuff like that,
methods for integrating data from various activities in order to create
presentations and collages and screencasts and webpages and teddy
bears...). I want to write a sort of independent design review thing, with
an eye to small details like that, so that there's another point to anchor
people's conceptions of how the end result should work than the Pentagram
mockups (which they don't show in their entirety to random people off the
street like me anyway, for some reason I hope to eventually understand),
but before that happens I want to write a prototype for the bulletin board
functionality (why not?), and before THAT happens I have to get proficient
with writing Sugar stuff.
</meaningless tangent>

           Until then, I'm off to my day job. I just wanted to point out
one of the things that should be thought about.

           Serhei Makarov

Ivan Krsti <krstic at solarsail.hcs.harvard.edu> writes:
>Fully agreed; I'm thinking about this a lot. I spoke at PyCon about
>seeing plugins as critical to managing software growth, so I consider
>them an important use case. I'm open to ideas on approaching the
>security aspect -- I have some, but none that I see as clearly good
>Ivan Krsti <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.laptop.org/pipermail/sugar/attachments/20070320/40845afc/attachment.html

More information about the Sugar-devel mailing list