[Panel-devel] Re: KIO::Netaccess support for themes
Ryan Nickell
p0z3r at earthlink.net
Sun May 29 19:22:36 CEST 2005
On Sun, 2005-05-29 at 20:09 +0300, Petri Damsten wrote:
> On Sunday 29 May 2005 19:41, Aaron J. Seigo wrote:
> > this brings up the issue of security. what, if any, thought towards
> > sandboxing, signing and other security issues has been made?
>
> Although I don't think that this is any less secure than downloading theme
> from kdelook and executing it manually, it would be a good point to discuss
> security issues now.
As far as signing, I was looking over the KNewStuffSecure. It has the
ability to have signing using the MD5 sum incorporated with the package.
The only thing I don't like is that it makes it that more difficult for
people to get up and running making SK themes. We should use it, but
after we have some packaging utility that takes the source dir of your
package and zips it up with your particular MD5 sum signature.
>
> Themes can be downloaded manually, trough commandline or from KNewStuff (in
> the future). Themes can be also installed by rpm/ebuild/... packages (at
> least gentoo has some ebuilds for superkaramba themes). All of these cases
> should be kept in mind when thinking security issues.
>
> > > > It copies the file to:
> > > > ksd.localkdedir() + ksd.kde_default("data") + kapp->name() + "/themes/"
> >
> > is that literally what's in the source code?
>
> Yes.
Is there a better suggestion for storing local data for applications?
With the recent discussion about KMail and the ~/.kde directory, is
there going to be a better place for application data?
>
> Petri
> _______________________________________________
> Panel-devel mailing list
> Panel-devel at kde.org
> https://mail.kde.org/mailman/listinfo/panel-devel
More information about the Panel-devel
mailing list