Add security and privacy policies for extension development #378
martin-helmich wants to merge 5 commits into master
| When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes: | ||
| - User-generated data stored locally or remotely by the extension. |
There was a problem hiding this comment.
The "remotely" part of this depends on whether we want to allow extensions to "eject" themselves (i.e. leave any managed resources that they created to be managed by the user themselves, when the extension is installed).
There was a problem hiding this comment.
This is a delicate topic. We still do not have a solution to enable contributors to "eject" their extension instance.
This is still a trade-off situation between lifetime of access tokens and possibility of cleaning up mStudio resources.
There was a problem hiding this comment.
Isn't "ejecting" the default right now? Since the access tokens are revoked before the ExtensionInstanceRemovedFromContext webhook is invoked, there's no possibility to clean up anything (at least, any mStudio resources), anyway.
There was a problem hiding this comment.
Yeah, wrong terminology. I meant we currently offer no way of cleaning up the mStudio resources created by the extension, but this topic possibly will get some traction shortly.
| When a user uninstalls an _Extension Instance_, any data stored or processed by the extension related to that extension instance must be securely deleted. This includes: | ||
| - User-generated data stored locally or remotely by the extension. | ||
| - Logs or backups created by the extension during its operation. |
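Review bot: "securely deleted" in the opening sentence is never defined, and neither list item says how soon after uninstall the deletion must be complete. Define what counts as secure deletion for this policy and state a maximum retention period, in particular for the "Logs or backups" item, so an extension author can tell when they are compliant.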
There was a problem hiding this comment.
Might be unfeasible in some cases (for example, most extensions will manage all instances in a single deployment unit, meaning that backups and logs will contain data from all instances). Maybe change the wording to something like "should be asserted that backups and logs are deleted eventually"...? 🤔
Co-authored-by: freisenhauer <mail@freisenhauer.de>
Signed-off-by: Martin Helmich <kontakt@martin-helmich.de>
This PR adds a security and a privacy policy for marketplace extension development.
Still missing: