<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title></title> <style type="text/css">  </style> </head> <body marginleft="10" marginright="10" margintop="10" marginbottom="10">             One thing the Bitfrost specification fails to address, and that no one in the mailing list has raised is security for plugins and extensions to activities. Look:             * Some activity writers will want to write their activity as a simple base with extensible plugins, in order to keep the base size small while allowing children looking for specialized functionality to receive it in a non-clunky fashion. Extensions to Squeak (which does have its own security system for plugins), Develop (which should in the end be extensible to allow, e.g. C development or a visual interface builder), and Draw (where there might be demand for various esoteric features) come to mind as examples.             * Furthermore, many of these extensions will be written not by random strangers but by the activity authors themselves. An extension written and signed by the activity author should install without hassling the user about security. Thus, such extensions are simply             * On the other hand, an extension written by someone else *should* hassle the user and *should* be subject to the same sort of restrictions Bitfrost puts on activities, so that a badly or maliciously written third-party plug in can't screw up the activity's reputation with the security monitor and can't corrupt the activity's files.             * Ergo, the Bitfrost implementation should include an easy-to-use library that allows plugins to be written and installed in a secure and easy-to-use manner. Because activities don't need to have the system know about extensions, this can even be shipped later, either in a system update or as a library that activity writers can drop in.             Anyone with influence agree that this will be something worth taking a look at later on?             The thing is, this isn't at all urgent. All of the example extensions that came to mind are very much non-essential (Bezier curve editing? Develop plugins? What are we, training a new generation of designers and programmers?), but there will undoubtedly come a time when an activity writer wants to allow their activity to be extended. Firefox, for instance, has an extension system that puts it ahead of the competition, and it has many extensions useful not only for professionals.            Giving people a secure and official way to offer extensibility will minimise instances where an activity is compromised with malicious third party code, which under Bitfrost would not be as dangerous, but would undoubtedly be *very* annoying.             Serhei Makarov            PS. Thank you for suffering through this long post; I hadn't the time to write a short one.. </body> </html>