On 06/21/2011 06:28 PM, Genes MailLists wrote:
I'd be very wary of 3rd party extensions - the API is not guaranteed to be stable and the extensions live outside of gnome core - so they may break at any time - unless they are released and tested as part of core it seems like bad advice to suggest people rely on them.
Also, how are security/privacy issues checked and managed in extensions versus gnome core - do people just trust the extension writers - or are the fedora packagers actively verifying there are no issues?
GNOME Shell Extensions is a module that is in upstream gnome as much as GNOME Shell is. Extensions submitted there get reviewed and merged at
http://git.gnome.org/browse/gnome-shell-extensions
Suggesting those extensions are not problematic necessarily. For other extensions, it is usually trivial amount of javascript code. Security and privacy issues are no more problematic for those extensions than any other random package in the Fedora repository. Nobody is actively reviewing code typically at the distribution level. The situation now is not ideal because extensions are new and we haven't hashed out all the details yet but there isn't a reason to be alarmed about it.
Rahul