.desktop security changes are committed
John Tapsell
johnflux at gmail.com
Mon Feb 23 01:46:27 GMT 2009
2009/2/22 Michael Pyne <mpyne at purinchu.net>:
> On Sunday 22 February 2009, Celeste Lyn Paul wrote:
>> On Sunday 22 February 2009 01:04:48 pm Torsten Rahn wrote:
>> > Well, I'd click through anyways just because I have a low attention span
>> > and I don't feel like reading an amount of text like that. I think that
>> > the text still needs to be trimmed down quite a bit.
>>
>> The problem with clickthrough is that if you do that without understanding
>> what you are doing, you can do something potentially harmful. We want to
>> try and prevent that.
>>
>> Right now there is so much text in the dialog that it almost discourages
>> you from reading it. I was hoping to try and make the first sentence as a
>> one-stop- shop of what is going on (in case you dont read the rest of the
>> dialog), but it is still a bit too long to quickly understand what is
>> going
>> on. You are right that the text needs to be trimmed down a bit.
>
> Alright so Tom and I have talked, how about something like this:
>
> "This will start the program '%s'. If you are unsure of the origin, click
> Cancel."
Could you try to sanitize %s somewhat? Strip out ' and " characters,
cut it to 10 or so characters etc. Try to make it difficult for
social engineering through the program name.
>
> " (Details >>) --> would expand to name, Exec= line, perhaps the comment
> info" (or Details could be a underlined link with the same info)
>
> This is significantly less text but I think it gets the same point across.
>
> Regards,
> - Michael Pyne
More information about the kde-core-devel
mailing list