----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://reviewboard.kde.org/r/209/#review347 -----------------------------------------------------------
Ship it! so this falls under the umbrella of "cooperative security", and it's a good start. we'll need to add gpg signing and API removal (only possible in the scripted environments) to complete this. - Aaron On 2009-02-28 21:20:52, Chani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > http://reviewboard.kde.org/r/209/ > ----------------------------------------------------------- > > (Updated 2009-02-28 21:20:52) > > > Review request for Plasma. > > > Summary > ------- > > here's the beginning of some really basic security for plasmoids. > the idea is, shells (like plasma-overlay) can specify a list of constraints > in their desktop file, and then all plasmoids that require the disabled > feature don't show up in the appletbrowser. also, plasmoids that would like a > certain feature but don't *need* it can check isAllowed and turn it off when > it's not allowed. > I've added a single constraint (not in this patch) to plasma-overlay: > FileDialog. now all plasmoids exposing a filedialog can be disabled or made > safe. I've also made the comic plasmoid not offer a "save as" option when > that constraint is active. > > possible problems: > -the API isn't designed for constraints changing at runtime. does anyone > think that's likely to matter someday? > -I have no idea how this will affect alien widgets (google gadgets etc). > personally I'd be fine with banning those from the screensaver until proper, > full security can be implemented. > -if certain requirements aren't listed, they default to false. this means > plasmoids that haven't been checked are treated as safe by default. that > should probably be flipped before release. I'm also considering switching > from a bunch of bools to a stringlist in the .desktop files. > -this security relies on the applet writers to specify in the desktop file > what their applet needs. this means I need to let people know how to do so, > and trust them to keep their applets up to date. there are also some orphan > plasmoids in svn that should be checked over before each release. > -I still haven't made a final list of constraints. I really need to do that, > and document what exactly falls under each one, so that I don't end up > confusing plasmoid writers. > > > Diffs > ----- > > trunk/KDE/kdelibs/plasma/applet.h 932484 > trunk/KDE/kdelibs/plasma/applet.cpp 932484 > > Diff: http://reviewboard.kde.org/r/209/diff > > > Testing > ------- > > > Thanks, > > Chani > > _______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel