"Name" key value in desk. entry spec collides with file names, could misguide users?

Diego Calleja diegocg at teleline.es
Sun Mar 13 02:26:34 EET 2005


If I've understood it correctly, the "Name" key specifies what programs ej: file
managers should show to user. The spec doesn't exactly says that but at least it's how it's
been implemented

This can cause at least two kind of issues, one of them somewhat related with
security as seen in "other OSes"

Problem 1: What user sees is not what is there:
   How to Reproduce:
   Step 1) Create a foo.desktop file with key Name="foo"
   Step 2) Create another foo.desktop file in the gnome panel with key Name="bar"
   Step 3) Try to drag panel's foo.desktop file to user's desktop.

   Bug: He'll get a warning because he's trying to overwrite "foo.desktop" with
"foo.desktop". User was just seeing "foo" and "bar". He'll never know that "foo"
and "bar" had the same name and he won't know how to drag panek's foo.desktop
reliably. Even worse: if once you hit that, you try to change the name of the desktop's
foo.desktop file, the desktop software will change the *Name* key value (at least in
gnome) in the foo.desktop file. foo.desktop name will remain unchanged - user won't be
able to drag panel's foo.desktop to desktop unless he resorts to a terminal to rename
foo.desktop manually. Another fix would be that nautilus detects that there're two desktop
files with the same name and rename it manually - but that would just be a ugly hack to
hide the fact that the concept behind the "Name" key seems to be broken.


Problem 2: What user executes is not what he sees
   How to reproduce:
   Step 1) Create a whatever.desktop file
   Step 2) Set Name="Natalie Portman Nude.jpg"
   Step 3) Set Run=evil-executable

   Bug: This is a well-learnt lesson from "another OS", where user thinks he's
opening a image and he's running a evil program, I don't think it needs more
explanations.


How to Fix: Deprecate the "Name" Key for future versions. Name's primary reason
of existence seems to be "automatic translation of user's visible strings", and
it makes that very easy, but it's too dangerous. Alternative methods for
achieving the same goals should be developed. "Name" solves only one problem but
it causes more, just like the "executable MIME type" in Windows. Developers can
user the file name as temporary place to put the "user's visible string" until a
better solution is adopted.



More information about the xdg mailing list