[Panel-devel] Re: KIO::Netaccess support for themes
Aaron J. Seigo
aseigo at kde.org
Sun May 29 20:07:41 CEST 2005
On Sunday 29 May 2005 11:09, Petri Damsten wrote:
> On Sunday 29 May 2005 19:41, Aaron J. Seigo wrote:
> > this brings up the issue of security. what, if any, thought towards
> > sandboxing, signing and other security issues has been made?
>
> Although I don't think that this is any less secure than downloading theme
> from kdelook and executing it manually, it would be a good point to discuss
> security issues now.
well, themes tend not to contain executable code =) while they do have build
systems, that's a sightly different level of concern. SK themes are
tantamount to downloading full blown applications; and making that trivial to
do over the network is an issue that should be considered. installation is a
one-time issue of aquisition, SK themes are long-running full blown apps and
are more likely to be shared amonst users ad hoc.
i don't think there's there any reason why we can't offer sandboxing, and
should indeed do so for the same reason applications like word processors
ought to for their macro languages.
> > > > It copies the file to:
> > > > ksd.localkdedir() + ksd.kde_default("data") + kapp->name() +
> > > > "/themes/"
> >
> > is that literally what's in the source code?
>
> Yes.
any reason why you aren't using KStandardDirs? e.g.:
locateLocal("appdata", "themes/", true);
one shouldn't rely on a hard coded path, but use KStandardDirs. this not only
future proofs your app but allows for "unique" KDE set-ups.
in any case, the "correct" path would be $KDEHOME/share/apps/$APPNAME/themes.
this is why we have KStandardDirs =)
--
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/panel-devel/attachments/20050529/2ca3dc00/attachment.pgp
More information about the Panel-devel
mailing list