[Vtigercrm-developers] Issues and malwares - vtiger market place extension

Prasad prasad at vtiger.com
Tue Apr 28 16:17:48 GMT 2015 

Sutharsan,

Thank you - we will follow up with publisher and review the same.
Do you have instances where it posed trouble to system security?

--
FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm> I
LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
<https://blogs.vtiger.com> I Website <https://www.vtiger.com/>

On Tue, Apr 28, 2015 at 9:21 PM, Sutharsan Jeganathan <ajstharsan at gmail.com>
wrote:

> Hi Prasad
>
> I suspect similiar issue in Labels4you which I have already mentioned here
> in the same topic. It upate / rewrite the language files and overwrite them
> where the single quote is replaced by double quote
>
>
> Thanks
> Sutharsan Jeganathan
>
> On Tue, Apr 28, 2015 at 8:48 PM, Prasad <prasad at vtiger.com> wrote:
>
>> We have suspended vtDebug extension on marketplace..
>>
>> @Alan, @Błażej:
>> Thank you for the supportive review - we will tighten our process of
>> approval.
>>
>> Regards,
>> Prasad
>>
>> --
>> FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm>
>>  I LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
>> <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>>
>> On Tue, Apr 28, 2015 at 7:30 PM, Alan Lord <alanslists at gmail.com> wrote:
>>
>>> On 28/04/15 14:50, Conrado Maggi wrote:
>>>
>>>> Hello Blazec,
>>>>
>>>> Thanks a lot for taking the time to review the extension. I agree that
>>>> the module needs to be removed from the marketplace.
>>>>
>>>> Also, I think vtiger really needs to reconsider the acceptance of
>>>> encrypted/obfuscated code. This is a clear example that it's not
>>>> sustainable.
>>>>
>>>> This impact not only that extension but the entire marketplace idea.
>>>>
>>>
>>> That's pretty scary stuff I agree.
>>>
>>> I would suggest that if vtiger wants to allow encrypted code they should
>>> sign an NDA with the publisher and then not allow it on the Marketplace
>>> until they have reviewed an unencrypted version and they use *at least* an
>>> MD5 hash to verify version updates etc...
>>>
>>> If Blazec's review is accurate (and I have no reason to doubt that) then
>>> That module really sucks.
>>>
>>> Al
>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20150428/d8c0690a/attachment.html>

More information about the vtigercrm-developers mailing list