"Name" key value in desk. entry spec collides with file names, could misguide users?

Jerry Haltom wasabi at larvalstage.net
Sun Mar 20 07:01:49 EET 2005


I am not subscribed to this list, and don't really want to get
subscribed just to send this simple reply.

I totally agree with the points raised by Diego. This is a nightmare in
current Windows shops. We have a chance to not make the same mistakes,
why are we?

Yes, users are stupid. Yes, users WILL click on these things, even if
told not to. They are not educable. Even if they were educable, it would
make our product more attractive to not require education.

When we gain desktop share, there *WILL* be viruses in the same scope as
Windows viruses, using this simple thing. And people *will* fall for it.
Do you want that? I don't.

We have a chance to make policy pretty simple: nothing should be
executable unless the user goes out of his way to mark it executable.
Not a simple Yes/No prompt, but right click Properties, Permissions,
Executable. A very specific action.

Packages should be distributed in the local package format with the
standard permission checks. Executables should not be downloaded from
the Internet. Is that so hard?

What we COULD do is deprecate Exec and add Link.

[Desktop Entry]
Name=OpenOffice
Link=openoffice.desktop

This would represent a link on the desktop to the local
AUTHORITATIVE .desktop file to be determined by system
policy: /usr/share/applications or ~/.local. A virus, then, couldn't do
anything more than run an already sanctioned application.

What do you think?

-- 
Jerry Haltom <wasabi at larvalstage.net>
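
Added example, not part of the original message or of any desktop's code: a sketch of how a launcher could apply the Link proposal above, refusing Exec in files outside the trusted directories and resolving Link only as a bare file name inside them. The Link key is the message's proposal; the function names are hypothetical and a temporary directory stands in for /usr/share/applications.

```python
import configparser
import os
import tempfile
from pathlib import Path

class UntrustedEntry(Exception):
    """Raised when a launcher may not be run under the Link-only policy."""

def read_entry(path):
    """Return the [Desktop Entry] group of a .desktop file as a dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                  # desktop-entry keys are case-sensitive
    if not cp.read(path, encoding="utf-8") or "Desktop Entry" not in cp:
        raise UntrustedEntry(f"{path}: no [Desktop Entry] group")
    return dict(cp["Desktop Entry"])

def resolve_link(launcher, trusted_dirs):
    """Return the Exec line of the authoritative entry a launcher links to."""
    entry = read_entry(launcher)
    if "Exec" in entry:                   # proposal: Exec is not honoured here
        raise UntrustedEntry("Exec in a launcher outside the trusted directories")
    link = entry.get("Link", "")
    # Link must be a bare file name: no directory part, no traversal.
    if os.path.basename(link) != link or not link.endswith(".desktop"):
        raise UntrustedEntry(f"Link is not a plain .desktop name: {link!r}")
    for d in trusted_dirs:
        real = os.path.realpath(os.path.join(d, link))
        # A symlink that leads out of the trusted directory does not count.
        if os.path.isfile(real) and os.path.dirname(real) == os.path.realpath(d):
            return read_entry(real)["Exec"]
    raise UntrustedEntry(f"no authoritative entry named {link!r}")

def demo():
    """Apply the policy to constructed sample launchers; None means refused."""
    root = Path(tempfile.mkdtemp())
    trusted, desktop = root / "applications", root / "Desktop"
    trusted.mkdir()
    desktop.mkdir()
    (trusted / "openoffice.desktop").write_text(
        "[Desktop Entry]\nName=OpenOffice\nExec=soffice %U\n")
    samples = {  # constructed launchers, as they might sit on a user's desktop
        "ok.desktop": "Name=OpenOffice\nLink=openoffice.desktop\n",
        "exec.desktop": "Name=Holiday photos\nExec=sh -c 'echo constructed'\n",
        "escape.desktop": "Name=OpenOffice\nLink=../Desktop/exec.desktop\n",
    }
    results = {}
    for name, body in samples.items():
        (desktop / name).write_text("[Desktop Entry]\n" + body)
        try:
            results[name] = resolve_link(desktop / name, [trusted])
        except UntrustedEntry:
            results[name] = None
    return results
```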




