05-31-2011, 02:14 PM | #1 |
Guru
Posts: 776
Karma: 2751519
Join Date: Jul 2010
Location: UK
Device: PW2, Nexus7
|
Plugin Safety
Are there any safeguards in place for using calibre plugins?
I have seen the warning on adding a plugin which says that a plugin could be malware, and we can choose to trust the developer or not. But many of us do not have enough Python knowledge to check the plugin code for malicious behaviour. Now I'm not suggesting that any of the plugin developers are rogues, but it would only take one bad apple to cause havoc to an unsuspecting user. So in terms of safeguards, I wondered if the calibre team do any peer reviews of code submitted for plugins? Is there a list of 'certified' plugins? |
05-31-2011, 02:20 PM | #2 |
creator of calibre
Posts: 43,992
Karma: 22669822
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
I certainly don't review plugin code. I have my hand full reviewing code submitted for inclusion into calibre as it is
I suggest you stick to plugins you get from the plugins forum here. Look at the thread for the plugin. If it has many comments indicating several users, or is developed by a long term member of this board, then it is likely to be OK. |
05-31-2011, 03:01 PM | #3 |
Sigil & calibre developer
Posts: 2,487
Karma: 1063785
Join Date: Jan 2009
Location: Florida, USA
Device: Nook STR
|
Plugins that are not distributed as part of calibre are not vetted, tested or guarenteed to work. Hence the warning message when adding 3rd party plugins. If they're not a part of calibre they're 3rd party.
You are as safe with plugins from respected and long term members of this community, like Kiwidude, as you are with plugins that come as part of caibre. What it really comes down to is the source (not code) of the plugin. Is it some randome site on the internet or a MobileRead member with thousands of posts and tens of thousands of karma points? Ask yourself do I trust giving the plugin and by extension the person who wrote it to run it on my computer? |
05-31-2011, 03:38 PM | #4 |
Guru
Posts: 776
Karma: 2751519
Join Date: Jul 2010
Location: UK
Device: PW2, Nexus7
|
Thanks for the replies. I have been trying one of Kiwidude's plugins, (currently in beta), as it looks useful and I've seen him posting quite a bit to this forum so I can see that he's got a good reputation. (I didn't know that sites other than MR even had calibre plugins, but it certainly sounds safer to stay away from them).
Do plugins from members ever become part of calibre itself? |
05-31-2011, 03:44 PM | #5 |
Sigil & calibre developer
Posts: 2,487
Karma: 1063785
Join Date: Jan 2009
Location: Florida, USA
Device: Nook STR
|
|
06-01-2011, 02:02 AM | #6 |
Wizard
Posts: 3,130
Karma: 91256
Join Date: Feb 2008
Location: Germany
Device: Cybook Gen3
|
Moderator Notice
Moved out of the development subforum. Please read the sticky before posting there. |
06-01-2011, 11:40 AM | #7 | |
(he/him/his)
Posts: 12,165
Karma: 79742714
Join Date: Jul 2010
Location: Sunshine Coast, BC
Device: Oasis (Gen3),Paperwhite (Gen10), Voyage, Paperwhite(orig), Fire HD 8
|
Quote:
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
New Plugin Type Idea: Library Plugin | cgranade | Plugins | 3 | 09-15-2010 12:11 PM |
Mystery and Crime Fletcher, J.S.: The Safety Pin v2.0 2008-06-21 | JSWolf | IMP Books | 1 | 06-21-2008 10:32 PM |
Mystery and Crime Fletcher, J.S.: The Safety Pin v2.0 2008-06-21 | JSWolf | Kindle Books | 1 | 06-21-2008 10:28 PM |
Mystery and Crime Fletcher, J.S.: The Safety Pin v2.0 2008-06-21 | JSWolf | BBeB/LRF Books | 3 | 06-21-2008 10:19 PM |
Wrist/neck strap for safety | dcalder | Bookeen | 4 | 01-16-2008 09:41 AM |