MobileRead Forums - View Single Post

Agama · 05-31-2011, 02:14 PM

Are there any safeguards in place for using calibre plugins?

I have seen the warning on adding a plugin which says that a plugin could be malware, and we can choose to trust the developer or not. But many of us do not have enough Python knowledge to check the plugin code for malicious behaviour.

Now I'm not suggesting that any of the plugin developers are rogues, but it would only take one bad apple to cause havoc to an unsuspecting user.

So in terms of safeguards, I wondered if the calibre team do any peer reviews of code submitted for plugins? Is there a list of 'certified' plugins?

05-31-2011, 02:14 PM	#1
Agama Guru Posts: 776 Karma: 2751519 Join Date: Jul 2010 Location: UK Device: PW2, Nexus7	Plugin Safety Are there any safeguards in place for using calibre plugins? I have seen the warning on adding a plugin which says that a plugin could be malware, and we can choose to trust the developer or not. But many of us do not have enough Python knowledge to check the plugin code for malicious behaviour. Now I'm not suggesting that any of the plugin developers are rogues, but it would only take one bad apple to cause havoc to an unsuspecting user. So in terms of safeguards, I wondered if the calibre team do any peer reviews of code submitted for plugins? Is there a list of 'certified' plugins?