Firefox (as an example of another application with addon support) already realized that addons may get a potential security risk, some time ago. They have whitelists of sites, allowed to install addons and prompt the user that installing addons may cause security/privacy problems. In my opinion it shouldn't be too easy to install addons. So for example the file type "oxt" shouldn't be registered to LibreOffice at all (Mozilla doesn't register their XPI to Firefox, also). The extension manager should be the only way to install new addons, so a user has to explicitly enter a installation process and doesn't think he just opens some kind of document.
Listed in the wiki as whishlist, albeit in a slightly different approach http://wiki.documentfoundation.org/Development/Enterprises_nice-to-have#Extensions_UI_should_be_disableable
[This is an automated message.] This bug was filed before the changes to Bugzilla on 2011-10-16. Thus it started right out as NEW without ever being explicitly confirmed. The bug is changed to state NEEDINFO for this reason. To move this bug from NEEDINFO back to NEW please check if the bug still persists with the 3.5.0 beta1 or beta2 prereleases. Details on how to test the 3.5.0 beta1 can be found at: http://wiki.documentfoundation.org/QA/BugHunting_Session_3.5.0.-1 more detail on this bulk operation: http://nabble.documentfoundation.org/RFC-Operation-Spamzilla-tp3607474p3607474.html
Dear bug submitter! Due to the fact, that there are a lot of NEEDINFO bugs with no answer within the last six months, we close all of these bugs. To keep this message short, more infos are available @ https://wiki.documentfoundation.org/QA/NeedinfoClosure#Statement Thanks for understanding and hopefully updating your bug, so that everything is prepared for developers to fix your problem. Yours! Florian
something like RFE
Thanks for reporting! (In reply to comment #1) > Listed in the wiki as whishlist, albeit in a slightly different approach > > http://wiki.documentfoundation.org/Development/Enterprises_nice-to- > have#Extensions_UI_should_be_disableable Therefore I mark this as 'NEW' and add a 'See also' in that wiki page. Kind regards, Joren
Since tdf#26019 has now been closed as fixed, it is possible to disable extension installation via both the Extension Manager and the file manager.
Extension installation/removal via GUI (and through browser/file manager) can be disabled after this series of patches: https://gerrit.libreoffice.org/36688 https://gerrit.libreoffice.org/37990 https://gerrit.libreoffice.org/38283 Is this bug still valid?