<br><br><div class="gmail_quote">2008/6/28 Aaron J. Seigo <<a href="mailto:aseigo@kde.org">aseigo@kde.org</a>>:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Friday 27 June 2008, Paul Giannaros wrote:<br><br></div><br>
(btw, examining what we extend is really quite useful since it makes it<br>
*purposeful* rather than random; for what should be obvious reasons, when it<br>
comes to code we're going to be slinging across the network and onto user's<br>
desktops this isn't a bad ting</blockquote><div>So is the purpose of the ScriptEngine api about security? If you are using the QtRuby bindings you can do everything you can do in the Qt api and call Qt::File, Qt::Dir methods or whatever the hell you like. <br>
<br>I really think the C++ based applets shouldn't be loaded directly as KDE plugins, but should go via a ScriptEngine plugin type of indirection. That way we could have different plasma package types, implemented as Plasma::PackageStructures, for C++ such as 'source code', 'i386' or 'ARM' and so on. But they would all implement the C++ api. I don't think restricting the api in arbitrary ways, even if you call individual decisions as 'purposeful' will help with security. If you really want to trust a C++ based plasma applet downloaded from the network, they should be signed with a well known certificate. Similarly, ScriptEngine based applets would need to be signed, as implementing a slightly smaller api than the C++ one, doesn't really help.<br>
<br>-- Richard<br><br></div></div><br>