From kde-core-devel Mon Feb 23 01:46:27 2009 From: John Tapsell Date: Mon, 23 Feb 2009 01:46:27 +0000 To: kde-core-devel Subject: Re: .desktop security changes are committed Message-Id: <43d8ce650902221746k2df3b06fnba6b5278773ba4b9 () mail ! gmail ! com> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123535362828327 2009/2/22 Michael Pyne : > On Sunday 22 February 2009, Celeste Lyn Paul wrote: >> On Sunday 22 February 2009 01:04:48 pm Torsten Rahn wrote: >> > Well, I'd click through anyways just because I have a low attention span >> > and I don't feel like reading an amount of text like that. I think that >> > the text still needs to be trimmed down quite a bit. >> >> The problem with clickthrough is that if you do that without understanding >> what you are doing, you can do something potentially harmful. We want to >> try and prevent that. >> >> Right now there is so much text in the dialog that it almost discourages >> you from reading it. I was hoping to try and make the first sentence as a >> one-stop- shop of what is going on (in case you dont read the rest of the >> dialog), but it is still a bit too long to quickly understand what is >> going >> on. You are right that the text needs to be trimmed down a bit. > > Alright so Tom and I have talked, how about something like this: > > "This will start the program '%s'. If you are unsure of the origin, click > Cancel." Could you try to sanitize %s somewhat? Strip out ' and " characters, cut it to 10 or so characters etc. Try to make it difficult for social engineering through the program name. > > " (Details >>) --> would expand to name, Exec= line, perhaps the comment > info" (or Details could be a underlined link with the same info) > > This is significantly less text but I think it gets the same point across. > > Regards, > - Michael Pyne