RFC: On-demand package installation API in kdelibs

Lubos Lunak l.lunak at suse.cz
Wed Jul 28 20:37:12 BST 2010

On Wednesday 28 of July 2010, Sune Vuorela wrote:
> On 2010-07-28, Chani <chanika at gmail.com> wrote:
> > the way I read, it, lubos was suggesting something more like "if you want
> > to install support for $feature, click here" instead of "oh, you don't
> > have $feature, good luck finding and installing it on your own!"
> And the 'click here' is exactly what I'm opposing to.
> In a short while, evil websites will start do magic like
> if(khtml or qtwebkit) {
>     do_popup_asking_for_login_credentials();
>     send_credentials_to_evil_owner();
> }
> masking it as a 'to view this page properly, you need to install a
> additional plugin. please enter your root password to continue'.
> And yes. Users is that stupid. We should not help the bad guys.

 I see, the problem is not installing software, the problem is supposed to be 
making users more used to entering their password whenever a dialog asking 
for it pops up.

 Well, as Chani said, what are your thoughts on KWallet then? I don't use it 
myself, but as far as I can judge, it rather randomly pops up and asks for a 
password. It shouldn't be a big problem faking that.

 Besides, if somebody's stupid enough to fall for this, they can fall for 
something similar already today. Bad boys can be rather inventive, and 
stupidity has no limitations. In fact I doubt people this stupid would see 
the connection between them doing something and a password dialog showing up 
as a consequence.

 Finally, since it would be installing software from known sources, it 
actually doesn't really need to require a password. The only bad thing that 
could happen would be running out of disk space, and I know simpler ways of 
achieving that on most machines.

 Lubos Lunak
 openSUSE Boosters team, KDE developer
 l.lunak at suse.cz , l.lunak at kde.org

More information about the kde-core-devel mailing list