[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-panel-devel
Subject: Re: Review Request: some basic plasmoid security
From: "Aaron Seigo" <aseigo () kde ! org>
Date: 2009-03-03 16:28:51
Message-ID: 20090303162851.17778.64462 () localhost
[Download RAW message or body]
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.kde.org/r/209/#review347
-----------------------------------------------------------
Ship it!
so this falls under the umbrella of "cooperative security", and it's a good start. \
we'll need to add gpg signing and API removal (only possible in the scripted \
environments) to complete this.
- Aaron
On 2009-02-28 21:20:52, Chani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://reviewboard.kde.org/r/209/
> -----------------------------------------------------------
>
> (Updated 2009-02-28 21:20:52)
>
>
> Review request for Plasma.
>
>
> Summary
> -------
>
> here's the beginning of some really basic security for plasmoids.
> the idea is, shells (like plasma-overlay) can specify a list of constraints in \
> their desktop file, and then all plasmoids that require the disabled feature don't \
> show up in the appletbrowser. also, plasmoids that would like a certain feature but \
> don't *need* it can check isAllowed and turn it off when it's not allowed. I've \
> added a single constraint (not in this patch) to plasma-overlay: FileDialog. now \
> all plasmoids exposing a filedialog can be disabled or made safe. I've also made \
> the comic plasmoid not offer a "save as" option when that constraint is active.
> possible problems:
> -the API isn't designed for constraints changing at runtime. does anyone think \
> that's likely to matter someday?
> -I have no idea how this will affect alien widgets (google gadgets etc). personally \
> I'd be fine with banning those from the screensaver until proper, full security can \
> be implemented.
> -if certain requirements aren't listed, they default to false. this means plasmoids \
> that haven't been checked are treated as safe by default. that should probably be \
> flipped before release. I'm also considering switching from a bunch of bools to a \
> stringlist in the .desktop files.
> -this security relies on the applet writers to specify in the desktop file what \
> their applet needs. this means I need to let people know how to do so, and trust \
> them to keep their applets up to date. there are also some orphan plasmoids in svn \
> that should be checked over before each release.
> -I still haven't made a final list of constraints. I really need to do that, and \
> document what exactly falls under each one, so that I don't end up confusing \
> plasmoid writers.
>
> Diffs
> -----
>
> trunk/KDE/kdelibs/plasma/applet.h 932484
> trunk/KDE/kdelibs/plasma/applet.cpp 932484
>
> Diff: http://reviewboard.kde.org/r/209/diff
>
>
> Testing
> -------
>
>
> Thanks,
>
> Chani
>
>
_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic