[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: requiring .desktop files to be executable ?
From:       Kevin Ottens <ervin () kde ! org>
Date:       2009-02-13 18:08:11
Message-ID: 200902131908.11419.ervin () kde ! org
[Download RAW message or body]


On Friday 13 February 2009 12:28:14 Andras Mantia wrote:
> On Friday 13 February 2009, David Faure wrote:
> > Kevin Ottens and I had the idea of doing this slightly differently
> > btw: we could require +x when the desktop file is not in a standard
> > directory for desktop files. This would allow to catch "save this
> > file in your home or on your desktop" without breaking all the
> > desktop files already distributed with applications.
>
> I'd say to be consistent, and require that every desktop file needs to
> have the exec bit set. [...]
>  The real problem anyway is the upgrade path after this change is
> introduced. [...]

Hence why requiring the +x bit everywhere would be shortsighted. Requiring it 
only in non standard places is a much much better upgrade path IMO. You can 
keep it this way and be backward compatible. This way you can wait until the 
standard is changed *and* most software are following it before making the +x 
bit mandatory everywhere.

@David: But honestly reusing the small mimetype trick we discussed yesterday 
to identify the desktop files which try to fool the user has my preference. 
Moreover this way it'd avoid potential malware even if they have the +x bit 
(after all could have been copied via fish:// for instance which keeps this 
bit if I'm not mistaken). It's harder to do it right though.

Regards.
-- 
Kévin 'ervin' Ottens, http://ervin.ipsquad.net
"Ni le maître sans disciple, Ni le disciple sans maître,
Ne font reculer l'ignorance."

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]