Firefox (as an example of another application with addon support) already realized some time ago that addons may be a potential security risk.
They have whitelists of sites allowed to install addons, and prompt the user that installing addons may cause security/privacy problems.
In my opinion it shouldn't be too easy to install addons. So, for example, the file type "oxt" shouldn't be registered to LibreOffice at all (Mozilla doesn't register their XPI to Firefox either).
The extension manager should be the only way to install new addons, so a user has to explicitly enter an installation process and doesn't think he just opens some kind of document.
Listed in the wiki as wishlist, albeit in a slightly different approach
[This is an automated message.]
This bug was filed before the changes to Bugzilla on 2011-10-16. Thus it
started right out as NEW without ever being explicitly confirmed. The bug is
changed to state NEEDINFO for this reason. To move this bug from NEEDINFO back
to NEW please check if the bug still persists with the 3.5.0 beta1 or beta2 prereleases.
Details on how to test the 3.5.0 beta1 can be found at:
more detail on this bulk operation: http://nabble.documentfoundation.org/RFC-Operation-Spamzilla-tp3607474p3607474.html
Dear bug submitter!
Due to the fact that there are a lot of NEEDINFO bugs with no answer within the last six months, we close all of these bugs.
To keep this message short, more info is available at https://wiki.documentfoundation.org/QA/NeedinfoClosure#Statement
Thanks for understanding and hopefully updating your bug, so that everything is prepared for developers to fix your problem.
something like RFE
Thanks for reporting!
(In reply to comment #1)
> Listed in the wiki as wishlist, albeit in a slightly different approach
Therefore I mark this as 'NEW' and add a 'See also' in that wiki page.
Since tdf#26019 has now been closed as fixed, it is possible to disable extension installation via both the Extension Manager and the file manager.
Extension installation/removal via GUI (and through browser/file manager) can be disabled after this series of patches:
Is this bug still valid?