RFC: On-demand package installation API in kdelibs
Ingo Klöcker
kloecker at kde.org
Wed Jul 28 20:17:31 BST 2010
On Wednesday 28 July 2010, Sune Vuorela wrote:
> On 2010-07-28, Chani <chanika at gmail.com> wrote:
> > the way I read, it, lubos was suggesting something more like "if
> > you want to install support for $feature, click here" instead of
> > "oh, you don't have $feature, good luck finding and installing it
> > on your own!"
>
> And the 'click here' is exactly what I'm opposing to.
>
> In a short while, evil websites will start do magic like
>
> if(khtml or qtwebkit) {
> do_popup_asking_for_login_credentials();
> send_credentials_to_evil_owner();
> }
>
> masking it as a 'to view this page properly, you need to install a
> additional plugin. please enter your root password to continue'.
>
> And yes. Users is that stupid. We should not help the bad guys.
If users are really that stupid then why do evil websites need to wait
for us to add such a "Click here" question? They could simply do what
you say today (and they probably do already).
Anyway, there are many ways to ensure that the user cannot take a fake
dialog for our dialog, e.g. we could darken the rest of the desktop
similar to what Windows 7 does. Evil websites cannot fake this. Of
course your stupid users will still click on the fake dialog but, quite
frankly, I couldn't care less. Some people simply cannot be helped
regardless of what we do (or not do).
Also, AFAIU Lubos's proposal you can simply disable the "Install me"
functionality for Debian by implementing a KDebianInstall which always
returns false. Of course this would be rather ironic because Debian
users are usually a bit more informed than users of other distros.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100728/e294cbee/attachment.sig>
More information about the kde-core-devel
mailing list