KDE-Docs.org

Frank Karlitschek karlitschek at kde.org
Sun Apr 17 19:15:12 BST 2005


On Sunday 17 April 2005 17:07, Jaroslaw Staniek wrote:
> First, congratulations for another useful site.
>
> > The question is how do we deal with is, will there be some kind of
> > possibility to review what is uploaded? This is because at least Quanta
> > has executable resources and you don't want to download a toolbar with
> > a script which does a "rm -fR ~"...
>
> That's also my concern regarding incoming Kexi scripts, possible to execut
> as autorun... We may need to introduce a process of validation for such
> resources. Even "only trust well known authors" policy is not safe... Maybe
> GPG signing?

Yes. This is a problem. We can't distribute scripts at the moment. This would 
be a security problem for the users.

I can see 3 solutions:

1. A sandbox system for the scripts in the application. I think this doesn't 
exist at the moment and would be difficult to implement.

2. A review and approval system on KDE-Docs.org. I plan to implement this in 
the future, but I can't say how long this will take.

3. Hosting script on a server where only developers have access. www.kde.org 
or download.kde.org.


> Frank, another thing: at least Kexi (but I see other apps too) has more
> than a "template" type of content. For Kexi (which is not document-driven)
> by "template" we mean a database project designed in a way that user can
> reuse it for own purposes, setting additinal (usually global) options. This
> is something other than "example database" type of content. We're also
> planning the "style" content, which can be applied to existing database to
> change it's behaviour or appearance.
>
> Summing up, for now we have additional two content types (categories)
> useful for Kexi. Even while currently only "example database" type is
> supported by Kexi implementation, the problem still exists. I've uploaded
> one example database under "Kexi templates" category -- and that's not very
> good place.

More Categories are no problem. I can add them easily. :-)

Cheers
Frank


-- 
Frank Karlitschek
karlitschek at kde.org




More information about the kde-core-devel mailing list