--- On Thu, 11/24/11, Rob Weir <robw...@apache.org> wrote: > > Here are some proposal elements around the Attack > Surface of Apache > OpenOffice and keeping it small: > > > > P1. Extensions, supplements, and updates > downloaded by the run-time > installer or product shall only be retrieved from URLs > under Apache control > from sites operated by Apache infrastructure. As a > secondary defense, > authentication procedures will be used to confirm the > provenance of such > downloads. > > > > I think you're trying to control what isn't yours. >
Of course !! You have to control *especially* what is not yours. Chrome runs its plugins in a sandbox, and that would be very cool to have in OpenOffice. Chrome on FreeBSD uses Capsicum; http://www.cl.cam.ac.uk/research/security/capsicum/ and I understand it was being ported to linux too. Pedro.