Is your feature request related to a problem? Please describe.
The extensibility framework relies on MEF to load assemblies with extensions. This is not new: The same thing is currently done by the pac.exe tool. However, we need to get a signoff of the model that we use to load assemblies. If we decide that some addins have to be signed, then the strength of those checks need to be reviewed.
Describe the solution you'd like
A threat model must be created and a safety review have to be performed.
Describe alternatives you've considered
There are no alternatives. This deliverable can only be closed when the review has been performed.
pvillads
commented
6 days ago
Is your feature request related to a problem? Please describe.
The extensibility framework relies on MEF to load assemblies with extensions. This is not new: The same thing is currently done by the pac.exe tool. However, we need to get a signoff of the model that we use to load assemblies. If we decide that some addins have to be signed, then the strength of those checks need to be reviewed.
Describe the solution you'd like
A threat model must be created and a safety review have to be performed.
Describe alternatives you've considered
There are no alternatives. This deliverable can only be closed when the review has been performed.
Additional context?
No response