"Name" key value in desk. entry spec collides with file names, could misguide users?

Waldo Bastian bastian at kde.org
Mon Mar 21 12:13:27 EET 2005


On Monday 21 March 2005 09:54, Kalle Vahlman wrote:
> > Requiring the +x bit set on anything (not just .desktop files) does not
> > give the user any more information than they already had, so it will not
> > change the decision they make. It *will* increase their sense of
> > frustration and helplessness if they're unable to figure out how to do
> > what they want to do, but that achieves nothing except making people
> > trust computers even less than they already do.
>
> Annoying users is truly the most likely way to get no userbase from
> the ordinary users (which are the target group of trojans etc).

It's only annoying if their is an actual valid use case for sending .desktop 
files to users by e-mail. I don't think there is such use case and I don't 
think there should be one.

If however, you still think sending .desktop files or other executables by 
e-mail should be facilitated then you should come up with a framework that 
allows that to be done in a secure way, including proper verification of the 
sender. Requiring the +x bit on executables does not interfere with that, it 
merily means that your framework needs to restore the +x bit after it has 
established that the executable is to be trusted.

In this sense, .desktop files are not any different than ELF binaries or shell 
scripts.

Cheers,
Waldo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050321/8f52dab6/attachment.pgp 


More information about the xdg mailing list