Em Quinta, 24 de Outubro de 2002 18:17, Daniel Naber escreveu: > On Thursday 24 October 2002 17:57, Luis Pedro Coelho wrote: > > I think kmail should not warn on every attachment open. > > We show a security warning if there's a possible security problem. Opening > an attachment *is* always a potential security problem. There have been so > many buffer overflows in so many different programs which can be triggered > by carefully built input that it's just not correct to say "opening a ZIP > file is safe". Well, then there is not much you can do, is it? I mean, do you trust Qt's handling of JPEGs? If you do, then you must also trust kuickshow to show JPEGs. If you don't, then you should not automatically show JPEGs inline. And yes, I often click on JPEGs to see them with kuickshow because I can zoom in/out, etc. My proposal included that each app could signal that it was ready to open untrusted files. If an app does this, then its authors should realise that it is a target of a possible security attack. You must give some credit to them or at least let me trust it. Or maybe we can have a middle ground: For applications which have an "Untrusted-Exec," then there is a do-not-show-me-again message box. > Anyway, if the attachment is not known, the button says "Open with.." and > you have to explicitly select an application. If the application is known, > we show what application will be used to open the file. If someone clicks > "Open" when we ask "Open destroy.pl with 'perl'?" - what should we do > about that? And even for that case he would have to change his settings > for perl files (otherwise it's displayed in an editor). And there's also a > different attachment icon for images than for other files. I say that kmail should err on the paranoia side. Anything you don't know about is highly doubtful. However, known mime-types should be different. Especially, if as I proposed, apps contained an option to open untrusted files. Regards, -- Luis Pedro Coelho "Technology does not always equal progress." Douglas Coupland _______________________________________________ KMail Developers mailing list kmail@mail.kde.org http://mail.kde.org/mailman/listinfo/kmail