1.5 feature list

Cyrille Berger cberger at cberger.net
Fri Dec 23 14:18:33 CET 2005

> > why would this be more risky than executing the script it self ?
> A script runs in a sandbox which means it can't reach your files and other
> private stuff.
> Adding a widget in a known dialog makes way for so called social attacks
> and therefor the security barrier of the sandbox has gotten a lot less
> well defined.
> I'm no security expert, but I have seen security alerts based on such
> things.
> You probably will not be convinced this is an issue from my email, but
> please do contact the security experts (dirk a.o.) on this issue before
> krita goes that route.
I see what you mean, but I still don't see how a script can do this. Maybe if 
the script give to krita a ui file, it would avoid any problem. But anyway 
it's for Ko 2.0, we have plenty of time to think about it and avoid the 
(btw it make me think that nothing prevent a script to use the I/O class of Qt 
(or any other librairy) throught Python and Ruby, I will see with sebastian 
what he thinks about that).

> > > I read it to mean that you can show any custom dialog on top of krita
> > > to gather information from the user.
> >
> > And we will end with the same interface as the gimp with a lot of
> > unconsitency.
> Well, my offer to go over such guis and beat them into shape still stands,
> and like I said in a previous discussion; no matter what technical things
> you do, developers will always find a way to make rotten UIs. :)

thank you, I will ask your help for FiltersGallery when krita is back on good 
rails :) But, I was thinking about third pary scripts, as krita won't 
probably ships "official" scripts other than example, they are too slow, I 
use them mostly for experimentation and after I reimplement the script in 

--- Cyrille Berger ---

More information about the kimageshop mailing list