> ---------- Forwarded message ----------
> From: Chani <chan...@gmail.com>
> To: plasma-devel@kde.org
> Date: Sun, 4 Apr 2010 10:56:42 -0700
> Subject: Re: [GSoC] Proposal: Authentication for scripted plasmoid downloaded from the web
> On April 4, 2010 06:39:10 Diego Casella ([Po]lentino) wrote:
> > Hi guys,
> > sorry for being late, however here is my proposal for this summer of
> > code.
> > Since, during PlasMate development, we talked a bit about the possibility
> > to verify the plasmoids downloaded from kde-look.org or opendesktop.org, I
> > thought about it for a while and I came up with the idea to improve
> > plasmaengineexplorer (plus plasmapkg and PlasMate, if there will be enough
> > time) in order
>
> I assume you mean plasma *widget* explorer ;)
>
You are right, I made a lot of typos in this email >.<

>
> > to use the QCA api to provide plasmoids authentication. Here are my
> > implementation details (see the full proposal here
> > http://socghop.appspot.com/gsoc/student_proposal/private/google/gsoc2010/diego_casella/t127038771188 ):
>
> psst. only mentors have access to that page - note the "private" in the url :)
> I suggest you upload your proposal somewhere public as well.
>

this one should work :)
http://socghop.appspot.com/gsoc/student_proposal/show/google/gsoc2010/diego_casella/t127038771188

---------- Forwarded message ----------
> From: Chani <chan...@gmail.com>
> To: plasma-devel@kde.org
> Date: Sun, 4 Apr 2010 11:19:25 -0700
> Subject: Re: [GSoC] Proposal: Authentication for scripted plasmoid downloaded from the web
> On April 4, 2010 11:02:30 Marco Martin wrote:
> > On Sun, Apr 4, 2010 at 3:39 PM, Diego Casella ([Po]lentino) <polentino...@gmail.com> wrote:
> > > Hi guys,
> > > sorry for being late, however here is my proposal for this summer of
> > > code.
> > > Since, during PlasMate development, we talked a bit about the possibility
> > > to verify the plasmoids downloaded from kde-look.org or opendesktop.org,
> > > I thought about it for a while and I came up with the idea to improve
> > > plasmaengineexplorer (plus plasmapkg and PlasMate, if there will be
> > > enough time) in order
> > > to use the QCA api to provide plasmoids authentication. Here are my
> > > implementation details (see the full proposal here
> > > http://socghop.appspot.com/gsoc/student_proposal/private/google/gsoc2010/diego_casella/t127038771188):
> > >
> > > My idea is to use the QCA framework in order to verify the signature of
> > > the plasmoids downloaded from kde-look.org, opendesktop.org, or
> > > installed with plasmapkg/PlasMate.
> > > This will require patching the plasma
> > > widgetexplorer and plasmapkg (and also PlasMate in order to support the
> > > package signing process, if time permits that).
> >
> > This is a must have and was in the todo since day one...
> > as Chani said I'm not sure if it is better at Plasma Package level or at
> > a broader thing for all ghns stuff
> >
>
> hmm.
> honestly I think we'll want it at *both* levels in the end.
> the GHNS dialog will need to ask the server about the security rating, so some
> sort of server-side support needs writing for that.
> but we also want to check the security of manually downloaded plasmoids (or,
> say, a plasmoid that a friend emailed us). so we want it in Plasma too.
>
> it probably makes sense to start it in plasma, and spread it from there. :)
>

Yep !

>
> oh, another thing: the kcm part of the proposal was kinda vague. I expect that
> it'll be just a simple thing, and advanced key-management stuff will be left to
> programs like kgpg... we don't want to scare people off. :) of course most will
> just leave it with the default KDE key anyways.. hrrm... what exactly is the
> kcm needed for? can't you just check which keys I trust in my keyring?
>

The idea of the KCM module is to provide a unique place for listing and showing all the saved keys, with the opportunity to add/delete them, nothing more :)
Of course if the keys are the ones shipped with KDE/linux distributor, they will be available in read only mode (however they can be modified by performing something like a "sudo apt-get upgrade", if updated keys are available); otherwise, for third-party keys, you can add/delete them if you trust their releaser.
Using the default keyring is correct, but since we can't tell how many keys will be pre-installed, and how many others will be installed by the user, I don't like the idea of polluting the default keyring with all of these.
By the way this is only my opinion, that's why I need your advice :)

>
> --
> This message brought to you by eevil bananas and the number 3.
> www.chani3.com
>
_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel