[Panel-devel] Re: KIO::Netaccess support for themes

Aaron J. Seigo aseigo at kde.org
Sun May 29 20:07:41 CEST 2005


On Sunday 29 May 2005 11:09, Petri Damsten wrote:
> On Sunday 29 May 2005 19:41, Aaron J. Seigo wrote:
> > this brings up the issue of security. what, if any, thought towards
> > sandboxing, signing and other security issues has been made?
>
> Although I don't think that this is any less secure than downloading theme
> from kdelook and executing it manually, it would be a good point to discuss
> security issues now.

well, themes tend not to contain executable code =) while they do have build 
systems, that's a sightly different level of concern. SK themes are 
tantamount to downloading full blown applications; and making that trivial to 
do over the network is an issue that should be considered. installation is a 
one-time issue of aquisition, SK themes are long-running full blown apps and 
are more likely to be shared amonst users ad hoc.

i don't think there's there any reason why we can't offer sandboxing, and 
should indeed do so for the same reason applications like word processors 
ought to for their macro languages.

> > > > It copies the file to:
> > > > ksd.localkdedir() + ksd.kde_default("data") + kapp->name() +
> > > > "/themes/"
> >
> > is that literally what's in the source code?
>
> Yes.

any reason why you aren't using KStandardDirs? e.g.:

	locateLocal("appdata", "themes/", true);

one shouldn't rely on a hard coded path, but use KStandardDirs. this not only 
future proofs your app but allows for "unique" KDE set-ups. 

in any case, the "correct" path would be $KDEHOME/share/apps/$APPNAME/themes. 
this is why we have KStandardDirs =)

-- 
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/panel-devel/attachments/20050529/2ca3dc00/attachment.pgp


More information about the Panel-devel mailing list