pidgin plugins for corporate compliance

[Luke Schierer]

On Thu, Jun 07, 2007 at 09:59:10AM -0400, Roy Rim wrote:
> Hi guys,
> 
> I deal with companies that have to follow regulations from the SEC and
> NASD.  Two plugins I have been working on for pidgin is a simple
> Disclaimer plugin (which works fine) and a "Send Logs" plugin for
> emailing the IM logs to a reporting email address.  For certain
> companies these are regulations that must be followed or they could be
> fined.  The pidgin team has done a great job with the look and feel of
> pidgin and I would like to push my clients to it.
> 
> I was wondering if there was a way to enforce a plugin to be enabled?
> I realize that this kind of goes against the definition of a "plugin"
> but it seems the simplest way to enable this option without me mucking
> about in the nuts and bolts of Pidgin.  Perhaps in the future there
> might be a way to include corporate policies via a protected shared
> preferences file?  This way an administrator could set certain
> preferences that override users preferences?
> 
> Other than that do you have any suggestions that I can kind of hack
> the plugin to always be enabled?
> 
> Regards,
> Roy

I have seen requests like this several times.  They are inherently
distasteful, because I tend to think that such a company should only be
hiring users it can trust to follow policies, such as not unloading a
plugin.

That being said, I'd probably look at making it a logging plugin (adding
an option to the log format drop down), and making it auto load the way
the ssl plugins do.

That would still leave an element of choice though, because the user
could change the logging preference.  You could muck things up in your
plugin to detect a prefs change and change it back, but that would be
hugely evil, both from a code standpoint, and from an open source, trust
the users standpoint.

luke