搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

SOGo connector for Thunderbird

  • 4 回覆
  • 2 有這個問題
  • 2 次檢視
  • 最近回覆由 neirda

more options

Hello all,

First of all, I hope this question has not been asked yet; I'm sorry if it's the case.

Actually, after Zindus reaching its end of life a year ago, I'm looking for a new way to synchronize my contacts, managed by Zimbra, with Thunderbird. In this context, I'd like to know what the Thunderbird community thinks about the SOGo connector for TB (http://www.sogo.nu/fr/downloads/frontends.html). In particularly, why is this add-on not installable through Thunderbird interface?

Thanks a lot in advance for your help,

Cheers,

Neirda

Hello all, First of all, I hope this question has not been asked yet; I'm sorry if it's the case. Actually, after Zindus reaching its end of life a year ago, I'm looking for a new way to synchronize my contacts, managed by Zimbra, with Thunderbird. In this context, I'd like to know what the Thunderbird community thinks about the SOGo connector for TB (http://www.sogo.nu/fr/downloads/frontends.html). In particularly, why is this add-on not installable through Thunderbird interface? Thanks a lot in advance for your help, Cheers, Neirda

被選擇的解決方法

Security is always a difficult question to answer. Certainly the stuff at add-ons.mozilla.org (AMO) does go through a code scrutiny process by moderators there. But the source code is from all over and the scrutiny is only as good at the person making the examination on the day. SOGO is an established open source project, so if security is really a worry, you can always hire someone to look through the source code. That is what AMO does. At a personal level I do not have to many worries about security of SOGO simply because it is open source, the code can be examined and it would be a brave project hat would mess in their own nest with malware etc in their package.

On the other hand, the connector is only a part of the SoGo package, a tool to connect to their groupware server software. A live demo of which can be accessed here http://www.sogo.nu/tour/online_demo.html The fact it can be used for other things is just a bonus for the community really and a byproduct of them using standards based protocols.

On a practical level many anti virus vendors insert add-ons into Thunderbird when you install their packages. These are what your calling unofficial as well (they are not on AMO). Given that many of them intercept and decode SSL encrypted communications, I would be more concerned that they have a backdoor for three letter government agencies and I would be about the sogo connector. My trust in internet privacy died a long time ago! but I still trust open source unless there is a reason not to, simply because source code is available.

從原來的回覆中察看解決方案 👍 1

所有回覆 (4)

more options

Add-ons must be hosted on add-ons.mozilla.org for Thunderbird to find them but the add-on is installable, I installed it only a couple of weeks ago.

See http://chrisramsden.vfast.co.uk/3_How_to_install_Add-ons_in_Thunderbird.html

more options

Hi Matt,

Thanks a lot for your answer and this explanation!

Actually, as this add-on is not listed in add-ons.mozilla.org repo, I guess it's not an official one, and I'm always very careful with this kind of developments... Basically, is there, according to you, any security issue? I don't want my organization LDAP to be hacked because of an unofficial add-on...

Thanks a lot,

Neirda

由 neirda 於 修改

more options

選擇的解決方法

Security is always a difficult question to answer. Certainly the stuff at add-ons.mozilla.org (AMO) does go through a code scrutiny process by moderators there. But the source code is from all over and the scrutiny is only as good at the person making the examination on the day. SOGO is an established open source project, so if security is really a worry, you can always hire someone to look through the source code. That is what AMO does. At a personal level I do not have to many worries about security of SOGO simply because it is open source, the code can be examined and it would be a brave project hat would mess in their own nest with malware etc in their package.

On the other hand, the connector is only a part of the SoGo package, a tool to connect to their groupware server software. A live demo of which can be accessed here http://www.sogo.nu/tour/online_demo.html The fact it can be used for other things is just a bonus for the community really and a byproduct of them using standards based protocols.

On a practical level many anti virus vendors insert add-ons into Thunderbird when you install their packages. These are what your calling unofficial as well (they are not on AMO). Given that many of them intercept and decode SSL encrypted communications, I would be more concerned that they have a backdoor for three letter government agencies and I would be about the sogo connector. My trust in internet privacy died a long time ago! but I still trust open source unless there is a reason not to, simply because source code is available.

more options

Hi Matt,

Thank you so much for your very detailed and illustrated answer, I really appreciate that.

What you say really makes sense to me, and I'm glad to learn more about Mozilla's processes in terme of Security and code inspection.

Have a great day,

Neirda