Really, what I would like to see is a security warning on extensions that
invoke external processes, write files, or connect to the Internet, similar to
what Android does when you try to install an application from the Android
marketplace.
In its present release, LibreOffice is blacklisted when you try to install or
run it in Apple OSX mountain lion. In part, this may be due to a security
concern that extensions can run arbitrary code without warnings. In the future,
OpenOffice and its variants may face increasing restrictions.
Most people go ahead and install the Android Applications in spite of the
warnings. At least they have been given the opportunity for informed consent.
> Date: Mon, 22 Oct 2012 11:54:41 -0400
> Subject: Bringing social capabilities into the core SDK
> From: robw...@apache.org
> To: ooo-...@incubator.apache.org
> CC: ooo-dev@incubator.apache.org
>
> (Responses please to the ooo-api list)
>
> I wanted to confirm some thinking I've been having recently. Please
> let me know if any of this sounds plausible or even useful.
>
> The problem I'm trying to solve is how to make OpenOffice better
> connected with the online tools that we all use today, from DropBox to
> Drupal, Twitter to Facebook, Sharepoint to SAP. We do have a few
> extensions in these areas. That is good. But I'm wondering if there
> are some things we can do in the API to make these kinds of extensions
> much easier.
>
> The key observation is that there is a set of protocols and formats
> that have emerged as the basic foundation of connecting with these
> kinds of apps. HTTP/XML at the base, but also on top things like RSS,
> Atom, OData, OAuth, OpenID, OpenSocial, CMIS, etc.
>
> What if we made available in our SDK, access to a cross-platform
> library that provided these capabilities without any extra coding
> required? Where needed, provide integration with native credential
> stores, etc. So the SDK does all the heavy lifting. The extension
> authors can then focus on things at a higher level.
>
> In other words, make socially-connected OpenOffice apps be in the
> reach of every app developers, rather than requiring a protocol
> expert.
>
> I'd be interested in hearing from extension authors on whether such a
> capability would be useful. And how useful?
>
> Regards,
>
> -Rob
