requiring .desktop files to be executable ?
truthandprogress at googlemail.com
Sun Mar 1 13:51:16 GMT 2009
2009/2/26, David Faure <faure at kde.org>:
> On Thursday 26 February 2009, Roland Harnau wrote:
>> Is he really able to make an informed decision? He doesn't know the
>> rationale for this security measure, he is only asked if he "trusts"
>> the application - for "old" desktop files, newly installed software
>> which installs its desktop files in Desktop, and the real security
>> threat, the downloaded virus. With so many false positives, isn't it
>> likely that he simply clicks through if he encounters the real threat?
> You contradict yourself. On one hand you say there is very little use
> for desktop files in HOME or Desktop, on the other hand you say
> "with so many false positives". This doesn't make sense.
I should have been clearer on this point. I don't think there are
major problems if one uses Plasma's default UI. The points above only
apply to the classic UI when the desktop is a view of the Desktop
> And anyway the
> idea is that you make your desktop files executable once after upgrading
> to 4.3, and then you watch for viruses.
But this should be somehow communicated to the user. And even then
there are problems with (non-KDE) software installing its application
launchers in Desktop.
> Yes a virus downloaded in 2007
> would be easily hidden among the sensible desktop files, but how likely
> is that to happen? We are not aware of any such virus existing already.
>> Users of the "classical" desktop are a different
>> matter, for them executable desktop files are of utmost importance.
> ... hence the need for this feature.
An implication of the suggestion is of course that the classic UI
isn't shipped with future KDE versions. After all, it's only a KDE3
More information about the kde-core-devel