Bug 766788 – grilo sources secure by default

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 766788 - grilo sources secure by default


Summary:	grilo sources secure by default


Status:	RESOLVED WONTFIX

Product:	grilo
Classification:	Other
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	grilo-maint
QA Contact:	grilo-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-05-23 12:13 UTC by Marinus Schraal
Modified:	2016-05-23 12:17 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Marinus Schraal 2016-05-23 12:13:13 UTC

Following the discussion in bug #747953 : currently Grilo exposes every plugin unless explicitly filtered by the user. With  the current focus on security by default this seems too permissive. Information leaking over the internet is a no-go and should be disabled by default.

options:
* disable insecure plugins by default - create an on switch
* just don't allow insecure plugins at all (remove them)
* ?

This is purely about security issues. Filtering on morality (adult/offensive content) is a different beast.

Comment 1 Bastien Nocera 2016-05-23 12:17:25 UTC

With the "user" being the developer of the application.

They can make up their own mind. For me, leaking information about which albums I'm playing, or which video games I have, is fair enough if that means that it makes the UI better.

Your choice to make as an application developer.