VDG approved widgets
Marco Martin
notmart at gmail.com
Wed Mar 9 09:14:05 UTC 2016
On Wed, Mar 9, 2016 at 10:09 AM, Sebastian Kügler <sebas at kde.org> wrote:
> On Wednesday, March 09, 2016 00:55:40 kainz.a wrote:
>> > No, what I mean was that what Kai was suggesting can be fabricated
>> > super easily, making things look like they got VDG approval even if
>> > they did not.
>>
>> As the VDG approval stuff comes from the icon theme and I'm the maintainer,
>> it's not that easy. (I work at an company something like TÜV)
>
> Icons can be overridden by the user through the cascading in his home
> directory, no?
well, don't think there will be a way to make it "secure", unless
every single released version of the widget is actually digitally
signed (may be a good thing to get started on plasmoid signing tough).
if it's in the desktop file, more than malicious intent i can just see
copypaste it without even knowing what it is.
in the icon, the plasmoid previews are probably the icons that are
more unlikely to be overridden by themes
--
Marco Martin
More information about the Plasma-devel
mailing list