requiring .desktop files to be executable ?

[Roland Harnau]

2009/2/26, David Faure <faure at kde.org>:
> On Thursday 26 February 2009, Roland Harnau wrote:

>> Is he really able to make an informed decision? He doesn't know the
>> rationale for this security measure, he is only asked if he "trusts"
>> the application - for "old" desktop files, newly installed software
>> which installs its desktop files in Desktop, and the real security
>> threat, the downloaded virus. With so many false positives, isn't it
>> likely that he simply clicks through if he encounters the real threat?
>
> You contradict yourself. On one hand you say there is very little use
> for desktop files in HOME or Desktop, on the other hand you say
> "with so many false positives". This doesn't make sense.

I should have been clearer on this point. I don't think there are
major problems if one uses Plasma's default UI. The points above only
apply to the classic UI when the desktop is a view of the Desktop
folder.

 > And anyway the
> idea is that you make your desktop files executable once after upgrading
> to 4.3, and then you watch for viruses.

But this should be somehow communicated to the user. And even then
there are  problems with (non-KDE) software installing its application
launchers in Desktop.

> Yes a virus downloaded in 2007
> would be easily hidden among the sensible desktop files, but how likely
> is that to happen? We are not aware of any such virus existing already.

Agreed.

[...]
>> Users of the "classical" desktop are a different
>> matter, for them executable desktop files are of utmost importance.
>
> ... hence the need for this feature.

An implication of the suggestion is of course that the classic UI
isn't shipped with future  KDE  versions. After all, it's only a KDE3
compatibility mode.


Roland