RFC: On-demand package installation API in kdelibs

Sune Vuorela nospam at vuorela.dk
Wed Jul 28 20:09:46 BST 2010

On 2010-07-28, Ivan ??uki?? <ivan.cukic at kde.org> wrote:
>> In a short while, evil websites will start do magic like
>> if(khtml or qtwebkit) {
>>    do_popup_asking_for_login_credentials();
>>    send_credentials_to_evil_owner();
>> }
> I don't think anyone was intending to expose this API to html
> renderers (or anything similar for that matter).

they can be faked.

> It is like saying that today, the evildoers can do
> if (kdesu) {
>    run_kdesu_to_run_something();
> }

The difference is, that currently we are not teaching the users that
such popups is normal.

currently, kdesu only pops up a dialog asking for passwords after
specific user actions.

This new api will be used at random times by random apps.


More information about the kde-core-devel mailing list