Changes between Initial Version and Version 1 of Ticket #15624, comment 1
- Timestamp:
- 2017-12-02T15:04:09+01:00 (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #15624, comment 1
initial v1 3 3 Putting in place a PKI/signing infrastructure would be overkill. We rely on the good faith of the community. 4 4 5 Yet I agree this is a risk in a professional environment. What we could do to mitigate it is rely on the notion of "external plugin". We could offer a security mechanism on client side which blocks any plugin which is, or suddenly becomes, external (i.e coming form a different location than svn.openstreetmap.org and github.com/JOSM). 5 Yet I agree this is a risk in a professional environment. What we could do to mitigate it is rely on the notion of "external plugin". We could offer a security mechanism on client side which blocks any plugin which is, or suddenly becomes, external (i.e coming form a different location than svn.openstreetmap.org and github.com/JOSM. The list is currently customizable I think, so you could also add private company repositories). 6 6 7 7 It should not be very difficult, maybe you would be interested in bringing in this feature?
