"Name" key value in desk. entry spec collides with file names, could misguide users?
bastian at kde.org
Mon Mar 21 12:13:27 EET 2005
On Monday 21 March 2005 09:54, Kalle Vahlman wrote:
> > Requiring the +x bit set on anything (not just .desktop files) does not
> > give the user any more information than they already had, so it will not
> > change the decision they make. It *will* increase their sense of
> > frustration and helplessness if they're unable to figure out how to do
> > what they want to do, but that achieves nothing except making people
> > trust computers even less than they already do.
> Annoying users is truly the most likely way to get no userbase from
> the ordinary users (which are the target group of trojans etc).
It's only annoying if their is an actual valid use case for sending .desktop
files to users by e-mail. I don't think there is such use case and I don't
think there should be one.
If however, you still think sending .desktop files or other executables by
e-mail should be facilitated then you should come up with a framework that
allows that to be done in a secure way, including proper verification of the
sender. Requiring the +x bit on executables does not interfere with that, it
merily means that your framework needs to restore the +x bit after it has
established that the executable is to be trusted.
In this sense, .desktop files are not any different than ELF binaries or shell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050321/8f52dab6/attachment.pgp
More information about the xdg