1.5 feature list

Thomas Zander zander at kde.org
Fri Dec 23 13:12:27 CET 2005

On Friday 23 December 2005 12:29, Cyrille Berger wrote:
> > Adding a custom widget in an exiting krita dialog is a security risk
> > and should be researched very carefully anyway.
> why would this be more risky than executing the script it self ?

A script runs in a sandbox which means it can't reach your files and other 
private stuff.
Adding a widget in a known dialog makes way for so called social attacks 
and therefor the security barrier of the sandbox has gotten a lot less 
well defined.
I'm no security expert, but I have seen security alerts based on such 
You probably will not be convinced this is an issue from my email, but 
please do contact the security experts (dirk a.o.) on this issue before 
krita goes that route.

> > I read it to mean that you can show any custom dialog on top of krita
> > to gather information from the user.
> And we will end with the same interface as the gimp with a lot of
> unconsitency.

Well, my offer to go over such guis and beat them into shape still stands, 
and like I said in a previous discussion; no matter what technical things 
you do, developers will always find a way to make rotten UIs. :)

Thomas Zander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kimageshop/attachments/20051223/37e80c13/attachment.pgp

More information about the kimageshop mailing list