I don't think there's any such thing as an untrusted plugin when you're talking about letting it include whatever source it wants in your project.
I think this request is reasonable, but I'd also be curious to know what the use-cases are. On Thu, Sep 13, 2012 at 3:15 PM, Joe Bowser <bows...@gmail.com> wrote: > Hey > > So, this was a feature request and I can see how it can be useful, but > I can also see how an untrusted plugin can go and totally screw with > other plugins. I know that we basically assume that developers who > use plugins know what they are doing, but after all the times we broke > plugins we know that this definitely isn't the case. So, how do > people feel about this issue? Should we punt it and say that it's a > security risk because application devs can't read Java, or do we allow > it and warn plugin developers. > > Any thoughts? > > Joe >
