Once upon a time, Adam Williamson <[email protected]> said: > Well, practically speaking we do have to have *some* degree of trust in > our suppliers for apps as large and complex as a web browser or, say, > an office app.
True, but I do think there's a difference between trusting code we get and trusting that they will properly secure/won't abuse an additional install channel. > I dunno about 'silently', but there are certainly other cases of this, > yes. GNOME Software can install GNOME Shell extensions (which are code, > and can do anything with the privileges of the user account running the > shell) from a non-Fedora source (extensions.gnome.org), for instance. So, I guess it is in policy somewhere, but... what's the difference between that and Fedora having RPMs that install yum repo files for other repositories? -- Chris Adams <[email protected]> _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
