KNewStuff - signed

Andras Mantia amantia at kde.org
Thu Feb 3 21:47:10 GMT 2005 

On Thursday 03 February 2005 22:50, Josef Spillner wrote:
> Does it count that most of that code was implemented already in
> another module? 
In which module?? 

> The new changes mostly affect upload only as I saw, 
> and since the classes are additions not much can be broken by them.
The changes affect both upload and download.

>
> Well I also have a lot of thoughts:
> - the naming, for KDE 3.4 (if it goes in) KNewStuffSecure is ok, it's
> like a variant to KNewStuffGeneric, and only gets used if the app
> author explicitely wants it

Fine for me.

> (the common download dialog method still 
> uses knewstuff) (Btw. who came up with Q* classes in quanta? :)

Heh, I was that one, altough after that we decided to name our new 
classes QP* in the future.

> - the gpg dependency: I already asked myself why we don't have the
> nice UI stuff which is used in KMail in kdelibs. I fear that
> kdelibs-4.0 is going to grow a lot but it seems to be necessary. For
> the time being the user is told they need to install gnupg, I don't
> see a way around that. Packagers need to care about adding that
> dependency.
> http://www.kde.org/info/requirements/3.3.php lists kdepim as of now,
> kdewebdev could be added there.
As I understood, the real problem is the licensing of the library.

> - the way to handle the hash sum and signature. From a crypto point
> of view it doesn't make it less secure to have those in the XML
> description to avoid having to deal with tarballs even for small
> scripts, does it? I also do not see a problem here because in 4.0
> both methods could coexist (with one being recommended of course).

I didn't thought about this, but yes, it makes sense to put them in the 
XML description. 

> So in summary, I request adding this for KDE 3.4 because if we delay
> until 4.0 the potential to mess up something is not exactly smaller
> (more usage, fd.o submission, ...)

The problem with the current addition would be that we couldn't really 
change according to your proposal, so it would basicly remain as I 
wrote now. If that's OK, fine, I will maintain it for the 3.4.x 
releases and we can improve as you proposed for 4.0.

Andras

>
> Josef

-- 
Quanta Plus developer - http://quanta.sourceforge.net
K Desktop Environment - http://www.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050203/a7f1f2fc/attachment.sig>

More information about the kde-core-devel mailing list