Re: Okular with GnuPG / Gpg4win
El dimecres, 17 de maig de 2023, a les 10:56:38 (CEST), Andre Heinecke va escriure: > Hi, > > On Tuesday 16 May 2023 23:55:00 CEST Albert Astals Cid wrote: > > The text looks reasonable to me, but i guess we'd definitely want some > > input from the KDE Promo folks. Want me to involve them or will you? > > I already did start on that yesterday. > https://marc.info/?l=kde-promo=168423425626159=2 > > Btw. my second mail in the thread gives some additional rationale why the > GnuPG integration is useful for us so it might be worth a read. > > > I can see that how that would make sense for translation but i don't see > > how this particular wording makes sense to be in the Okular repository. > > > > Imagine we get 10 different downstreams like you, we would need 10 > > different strings. > > > > One thing that comes to mind is we could come up with some kind of "these > > functionalities have been disabled" based on > > FORCE_NOT_REQUIRED_DEPENDENCIES have been set. (Or maybe just a generic > > one if any has been set?) > > I understand your point In Kleopatra we try to avoid that, too. > > What do you think about two options: > > option(OKULAR_UI_TITLE "Use an alternative title for the Okular UI. Please > consider when using FORCE_NOT_REQUIRED_DEPENDENCIES" "Okular") > option(SHOW_REDUCED_FUNCTIONALITY_WARNING "Show a warning on first run and > in the about dialog that this Okular comes with a reduced functionality > set." ((NOT FORCE_NOT_REQUIRED_DEPENDENCIES) AND (NOT > FORCE_NOT_REQUIRED_DEPENDENCIES STREQUAL ""))) > > That way we could have a generic warning because I don't think > our users will understand what the libraries mean and explaining that would > be too much. And a distro that might want to make only a minor change like > not shipping CHM support for some reason can set this option to "OFF" to > avoid such a warning. > > The reference to the Windows store should also be added with a > Q_OS_WIN ifdef and maybe for Linux with an "obtain from your Distribution". > > OKULAR_UI_TITLE we can then use to bring in "Okular (GnuPG Edition)". > > Probably best if I create an MR and we can discuss this there. Yes. Cheers, Albert > > Best Regards, > Andre
Re: Okular with GnuPG / Gpg4win
Hi, On Tuesday 16 May 2023 23:55:00 CEST Albert Astals Cid wrote: > The text looks reasonable to me, but i guess we'd definitely want some input > from the KDE Promo folks. Want me to involve them or will you? I already did start on that yesterday. https://marc.info/?l=kde-promo=168423425626159=2 Btw. my second mail in the thread gives some additional rationale why the GnuPG integration is useful for us so it might be worth a read. > I can see that how that would make sense for translation but i don't see how > this particular wording makes sense to be in the Okular repository. > > Imagine we get 10 different downstreams like you, we would need 10 different > strings. > > One thing that comes to mind is we could come up with some kind of "these > functionalities have been disabled" based on FORCE_NOT_REQUIRED_DEPENDENCIES > have been set. (Or maybe just a generic one if any has been set?) I understand your point In Kleopatra we try to avoid that, too. What do you think about two options: option(OKULAR_UI_TITLE "Use an alternative title for the Okular UI. Please consider when using FORCE_NOT_REQUIRED_DEPENDENCIES" "Okular") option(SHOW_REDUCED_FUNCTIONALITY_WARNING "Show a warning on first run and in the about dialog that this Okular comes with a reduced functionality set." ((NOT FORCE_NOT_REQUIRED_DEPENDENCIES) AND (NOT FORCE_NOT_REQUIRED_DEPENDENCIES STREQUAL ""))) That way we could have a generic warning because I don't think our users will understand what the libraries mean and explaining that would be too much. And a distro that might want to make only a minor change like not shipping CHM support for some reason can set this option to "OFF" to avoid such a warning. The reference to the Windows store should also be added with a Q_OS_WIN ifdef and maybe for Linux with an "obtain from your Distribution". OKULAR_UI_TITLE we can then use to bring in "Okular (GnuPG Edition)". Probably best if I create an MR and we can discuss this there. Best Regards, Andre -- GnuPG.com - a brand of g10 Code, the GnuPG experts. g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459 GF Werner Koch, USt-Id DE215605608, www.g10code.com. GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf Vorstand: W.Koch, B.Reiter, A.HeineckeMail: bo...@gnupg.org Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-211-28010702 signature.asc Description: This is a digitally signed message part.
Re: Okular with GnuPG / Gpg4win
El divendres, 12 de maig de 2023, a les 12:40:23 (CEST), Andre Heinecke va escriure: > Hi, > > our integration of Okular anxd GnuPG (and later on GnuPG VS-Desktop) is > nearly finished. Not everything is upstream yet but we see no roadblocks on > the way that might cause us to abort so we would like to go ahead and > announce this a bit more. > > Attached is a first draft of a statement about why we started to work on > this. The text looks reasonable to me, but i guess we'd definitely want some input from the KDE Promo folks. Want me to involve them or will you? > First of I want to say a big thank you to everyone who helped with reviewing > etc. and for the excellent design of Okular which allowed a very modular > build. > > But, this is a slight problem because we are targeting a high security > environment we want to limit the attack surface as much as possible. This > means that we have stripped down Okular quite a lot. > > - It will have only the poppler generator. > - Basically no optional dependencies. (No JavaScript) > - No Phonon for Media (patches to cleanly make that optional are incoming, I > have hacked it for now). > > Additionally we carry some patches which allow us to strip down framework > inter dependencies and brutally hack some parts like KIO to come for example > without DBus support. > > As such I think it would be unfair of us to call this just "Okular" and give > you a possibly bad name. > > My suggestion is the following: > - Use the name "Okular (GnuPG Edition)" in user visible strings, like the > start Menu, Window Title, About Dialog etc. > - Change the bug tracker URL to dev.gnupg.org for us (should be obvious). That seems reasonable to me. > > And finally to add a Message Box on the first launch and add a Text in the > about dialog to promote the full featured Okular which I draft as > following: > > -- > Okular in general is a lightweight and highly secure document viewer for > many document formats. > > To reduce the attack surface even further the GnuPG Edition is stripped > down to only support PDF documents without any active content. > > For the best User Experience you can safely install the fully featured > Okular from the https://apps.microsoft.com/store/detail/okular/ > 9N41MSQ1WNM8">Microsoft Store > -- > > If this seems agreeable to you I would open a merge request regarding > something like this as a build switch. I would like to have the text > included upstream instead of patching it in for translation / wording > support etc. I can see that how that would make sense for translation but i don't see how this particular wording makes sense to be in the Okular repository. Imagine we get 10 different downstreams like you, we would need 10 different strings. One thing that comes to mind is we could come up with some kind of "these functionalities have been disabled" based on FORCE_NOT_REQUIRED_DEPENDENCIES have been set. (Or maybe just a generic one if any has been set?) Cheers, Albert > > I don't think that a parallel installation of two Okulars will make much > sense except in very specific use cases (e.g. If you use Okular (GnuPG > Edition) to open PDF's from Mails and the regular Okular as default). But > it is possible and no Problem. > > > Best Regards, > Andre
