"Name" key value in desk. entry spec collides with file names, could misguide users?

Joerg Barfurth jub at sun.com
Mon Mar 21 11:31:14 EET 2005 

Mike Hearn wrote:
> On Sun, 20 Mar 2005 14:20:30 -0500, Jeffrey Vaughan wrote:
> 
>>I often use the following work pattern:
>>1) Download 15ish academic papers with file names like: popl2003acm.pdf 
>>or df3324r.pdf.
>>2) For each file in my firefox download directory that looks like a pdf 
>>in the gui, double click on the paper.
>>3) Rename or delete the paper as appropriate.
> 

> If you are downloading a file with a .pdf extension then it cannot be a
> .desktop file. At least in GNOME if you create a .desktop file and rename
> it to have anything other than a .desktop extension, you can't open it.
> Only when it has the .desktop extension can it be made to appear as
> something else.
> 

But if you are downloading pdf files named 'something.desktop'? And many 
users simply won't treat .desktop files diffrently from .pdf files. The 
point of the +x proposal is that it forces you to treat the file 
differently from ordinary data files for anything harmful to happen.

Generally we should not rely on extensions to prevent things from 
happening or to identify file types. And waiting and watching until 
'.desktop' becomes as suspect to people as '.pif' or .scr' are today, is 
not really an option.

> So it becomes an issue if you can't see the name of whatever it is you are
> downloading and only look at what it appears as on your desktop.
> 

Making users look at the raw file names does not sound very usable to 
me. And people who are used to downloading files named "df3324r.pdf" by 
the dozen probably won't look at the file names at all, much less 
scrutinize them to find the one that is dubious.

> Possibly a better solution - which has already been proposed elsewhere -
> is for file managers to place an emblem on launchers with an Exec line.
> That way you can see that it will run something. 
> 

I don't think that graphics will prevent anything. An emblem will 
possibly reach a different group of users than an extension, but I still 
think that many users don't attach much relevance to either of them.

> Another possible solution is to prevent .desktop files on the desktop or
> under $HOME from using icons in the mime-types category of icon themes.
> That's still a backwards-incompatible change but there are far fewer (no?)
> legitimate uses for it so the impact is likely to be much lower.
> 

Preventing various ways of spoofing observable things certainly is 
useful, but I don't think it is an effective way to prevent users from 
accidentally lauching executables. People will just do things the way 
they are used to. Forcing a change of behavior is more effective.

Ciao, Joerg

More information about the xdg mailing list