KDE-Docs.org

Andras Mantia amantia at kde.org
Sun Apr 17 17:10:12 BST 2005


On Sunday 17 April 2005 18:07, Jaroslaw Staniek wrote:
> First, congratulations for another useful site.
>
> > The question is how do we deal with is, will there be some kind of
> > possibility to review what is uploaded? This is because at least
> > Quanta has executable resources and you don't want to download a
> > toolbar with a script which does a "rm -fR ~"...
>
> That's also my concern regarding incoming Kexi scripts, possible to
> execut as autorun... We may need to introduce a process of validation
> for such resources. Even "only trust well known authors" policy is
> not safe... Maybe GPG signing?

That already exists in 3.4 if you use the KNewStuffSecure classes. I'm 
talking about who and how can control what is safe and what is not. At 
least I want a server from where the users can download only secure 
resources (that would be our kdewebdev.org server). Yet I do not oppose 
to having a public server as well, like this kde-docs.org. But the 
users should know what is coming from where.

Andras
-- 
Quanta Plus developer - http://quanta.kdewebdev.org
K Desktop Environment - http://www.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050417/041ed47c/attachment.sig>


More information about the kde-core-devel mailing list