From kde-core-devel Sun Mar 01 13:51:16 2009 From: Roland Harnau Date: Sun, 01 Mar 2009 13:51:16 +0000 To: kde-core-devel Subject: Re: requiring .desktop files to be executable ? Message-Id: <476f836a0903010551l5c9ef3f2s381429979dfd05e7 () mail ! gmail ! com> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123591550901383 2009/2/26, David Faure : > On Thursday 26 February 2009, Roland Harnau wrote: >> Is he really able to make an informed decision? He doesn't know the >> rationale for this security measure, he is only asked if he "trusts" >> the application - for "old" desktop files, newly installed software >> which installs its desktop files in Desktop, and the real security >> threat, the downloaded virus. With so many false positives, isn't it >> likely that he simply clicks through if he encounters the real threat? > > You contradict yourself. On one hand you say there is very little use > for desktop files in HOME or Desktop, on the other hand you say > "with so many false positives". This doesn't make sense. I should have been clearer on this point. I don't think there are major problems if one uses Plasma's default UI. The points above only apply to the classic UI when the desktop is a view of the Desktop folder. > And anyway the > idea is that you make your desktop files executable once after upgrading > to 4.3, and then you watch for viruses. But this should be somehow communicated to the user. And even then there are problems with (non-KDE) software installing its application launchers in Desktop. > Yes a virus downloaded in 2007 > would be easily hidden among the sensible desktop files, but how likely > is that to happen? We are not aware of any such virus existing already. Agreed. [...] >> Users of the "classical" desktop are a different >> matter, for them executable desktop files are of utmost importance. > > ... hence the need for this feature. An implication of the suggestion is of course that the classic UI isn't shipped with future KDE versions. After all, it's only a KDE3 compatibility mode. Roland