[RFC] Security and Features in KPDF
Ingo Klöcker
kloecker at kde.org
Mon Jan 3 18:36:30 GMT 2005
On Monday 03 January 2005 02:44, Tobias Koenig wrote:
> On Sun, Jan 02, 2005 at 06:55:19PM -0500, George Staikos wrote:
> > On Sunday 02 January 2005 18:19, Tobias Koenig wrote:
>
> Hi,
>
> > > This is really a save solution. When the user still clicks on
> > > 'Ok' and the virus/wurm is executed... well, that's the users
> > > problem. But that's the same case as when the user clicks on an
> > > unknown email attachment. Do we forbid email attachments for this
> > > reason?
> >
> > This is not always so safe, because not all users understand the
> > implications of a 1 character difference between two command lines,
> > one being safe, the other being devastating.
>
> And what's the different to a script that the user downloads from
> www.coolnewgames.com and executes it because its name is install.sh?
The difference is that the user has to save the script. Then he has to
make it executable. And only then he can execute the script. That's
three steps of which at least the second one is non-trivial for a
regular user. And anybody who knows anything about making files
executable should know about the implications (yeah, I know, wishful
thinking).
This is not comparable with your proposal which just requires clicking
on a link and acknowledging a dialog.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/e187f418/attachment.sig>
More information about the kde-core-devel
mailing list