RFC: On-demand package installation API in kdelibs

dantti85-dev at yahoo.com.br dantti85-dev at yahoo.com.br
Wed Jul 28 22:28:38 BST 2010

> De: Martin Gräßlin
> We already have this as an effect. We just need to enable
> it by default and add the window class of the new dialog to it. Impossible
> to fake - and please don't argument with it requires compositing and not
> everybody is using effects ;-)

BTW this is not working with polkit-kde-1 here (again :P )
Hey all,
PackageKit already has such feature, if you run toten in KDE or gnome and it 
need packages
it will ask Gnome-PackageKit or KPackageKit.

This is the DBus interface that can be used to do such evil
as Sune has said (which is why he don't want KPackageKit in Debian),
I must admit he has a point on that,
but STUPID users can just be presented with a faked package manager
inside their browsers which show lots of packages (It can even show
debian packages if the browser user-agent says it is a Debian system),
which in the end ask for you root password. So what now?
The website knows your ip, which is quite common to be
behind a router/firewall you'd also need to have ssh server installed
or something else to be sploited.
I don't want to go deep into the security issue here but
trully it's quite hard to protect a stupid user.

Another example is an website promises that iTunes will run on your
Debian box, you download a .deb and try to install with your
package manager, the website can even say to you
which commands you need to type on the Konsole
if you don't have a graphical package manager.
(Easier no?)

I can just add some build options to disable this interface
if distro X don't like it, or even the user should be the
one to check
[ X ] Yes I want this cool feature that can make me stupid in front of a 

Daniel Nicoletti - KDE Developer
When a wicked man dies, his hope perishes;
all he expected from his power comes to nothing. Prov. 11:7


More information about the kde-core-devel mailing list