
List:       kde-core-devel
Subject:    Re: .desktop security changes are committed
From:       John Tapsell <johnflux () gmail ! com>
Date:       2009-02-23 1:46:27
Message-ID: 43d8ce650902221746k2df3b06fnba6b5278773ba4b9 () mail ! gmail ! com

2009/2/22 Michael Pyne <mpyne@purinchu.net>:
> On Sunday 22 February 2009, Celeste Lyn Paul wrote:
>> On Sunday 22 February 2009 01:04:48 pm Torsten Rahn wrote:
>> > Well, I'd click through anyways just because I have a low attention span
>> > and I don't feel like reading an amount of text like that. I think that
>> > the text still needs to be trimmed down quite a bit.
>>
>> The problem with clickthrough is that if you do that without understanding
>> what you are doing, you can do something potentially harmful. We want to
>> try and prevent that.
>>
>> Right now there is so much text in the dialog that it almost discourages
>> you from reading it. I was hoping to try and make the first sentence as a
>> one-stop-shop of what is going on (in case you don't read the rest of the
>> dialog), but it is still a bit too long to quickly understand what is
>> going on. You are right that the text needs to be trimmed down a bit.
>
> Alright so Tom and I have talked, how about something like this:
>
> "This will start the program '%s'. If you are unsure of the origin, click
> Cancel."

Could you try to sanitize %s somewhat? Strip out ' and " characters,
cut it to 10 or so characters, etc. Try to make it difficult for
social engineering through the program name.

>
> " (Details >>) --> would expand to name, Exec= line, perhaps the comment
> info" (or Details could be an underlined link with the same info)
>
> This is significantly less text but I think it gets the same point across.
>
> Regards,
> - Michael Pyne
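
The sanitizing suggested in the reply above (strip ' and ", cut to about 10 characters), as an added example that is not part of the original message or KDE's code. It goes further than the message by also dropping control characters and Unicode bidirectional overrides; the function names, the UTF-8 input assumption and the trailing "..." marker are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helpers, not KDE code. Input is assumed to be UTF-8.
static bool isBidiControl(const std::string &s, std::size_t i, std::size_t len)
{
    if (len != 3 || static_cast<unsigned char>(s[i]) != 0xE2) return false;
    const unsigned char b1 = static_cast<unsigned char>(s[i + 1]);
    const unsigned char b2 = static_cast<unsigned char>(s[i + 2]);
    return (b1 == 0x80 && b2 >= 0xAA && b2 <= 0xAE)   // U+202A..U+202E
        || (b1 == 0x81 && b2 >= 0xA6 && b2 <= 0xA9);  // U+2066..U+2069
}

std::string sanitizeProgramName(const std::string &raw, std::size_t maxChars = 10)
{
    std::string out;
    std::size_t kept = 0;
    for (std::size_t i = 0; i < raw.size();) {
        const unsigned char c = static_cast<unsigned char>(raw[i]);
        // Expected length of the UTF-8 sequence that starts at this byte.
        std::size_t len = 1;
        if (c >= 0xC0 && c < 0xE0) len = 2;
        else if (c >= 0xE0 && c < 0xF0) len = 3;
        else if (c >= 0xF0 && c < 0xF8) len = 4;
        // Invalid lead bytes and incomplete sequences are malformed: skip one byte.
        bool malformed = (c >= 0x80 && c < 0xC0) || c >= 0xF8 || i + len > raw.size();
        for (std::size_t k = 1; !malformed && k < len; ++k)
            malformed = (static_cast<unsigned char>(raw[i + k]) & 0xC0) != 0x80;
        if (malformed) { ++i; continue; }
        // Quotes could close the '...' around %s; control characters
        // (newlines, tabs) and bidi overrides can reshape the displayed text.
        const bool drop = c == '\'' || c == '"' || c < 0x20 || c == 0x7F
                          || isBidiControl(raw, i, len);
        if (!drop) {
            if (kept == maxChars) return out + "...";  // mark the cut visibly
            out.append(raw, i, len);
            ++kept;
        }
        i += len;
    }
    return out;
}

int main()
{
    // Constructed sample: a Name= value that tries to extend the dialog text.
    std::cout << sanitizeProgramName("Update' is safe.\nClick OK") << "\n";
}
```

The limit counts code points rather than bytes, so a multi-byte character is never cut in half at the truncation point.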