ngraham added a reviewer: VDG. ngraham added a comment.
In D28218#632918 <https://phabricator.kde.org/D28218#632918>, @jgrulich wrote: > In D28218#632909 <https://phabricator.kde.org/D28218#632909>, @ngraham wrote: > > > In D28218#632907 <https://phabricator.kde.org/D28218#632907>, @jgrulich wrote: > > > > > but you can restrict the write access if you don't the sandboxed application to modify the file. > > > > > > Under what circumstance would you want that? > > > For example when using new, non-verified application, which you don't trust it won't modify the documents you are viewing? I wouldn't install an app I don't trust, and conversely, if I do trust an app enough to install it and launch it, I'll trust it with one of my documents. But I guess I'm not really arguing against you or this patch, but rather this part of the Flatpak spec. I don't really think this option makes a lot of sense; if you really don't trust an app, then this isn't enough; you also don't want it to even read your documents! Who knows what it might extract from them and sent to a remote server? And if you do give it read-write permission but it messes up your document, what you need is a "restore" feature that will undo the untrustworthy app's vandalism of your document. However I won't block this patch, since, as you point out, it's already in the GTK dialog and provided as an example in our own API docs. I just think there might be a more user-friendly and effective way of protecting our users' documents from untrustworthy apps. Adding #VDG <https://phabricator.kde.org/tag/vdg/> for more comments. REPOSITORY R838 Flatpak Support: KDE Portal for XDG Desktop REVISION DETAIL https://phabricator.kde.org/D28218 To: jgrulich, #plasma, #vdg Cc: ngraham, apol, plasma-devel, Orage, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, GB_2, ragreen, ZrenBot, himcesjf, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, ahiemstra, mart
