On Sun, 2007-07-08 at 22:38 -0400, Michael Richardson wrote:
> >>>>> "Rodney" == Rodney Dawes <[EMAIL PROTECTED]> writes:
>
>     >> How can a type be "safe" or "unsafe"? Safeness depends on the
>     >> application. E.g. a python script is safe if you open it with a
>     >> text editor, but not if you use a python interpreter.
>     >>
>     >> Perhaps applications that are designed to handle untrusted data
>     >> safely could be flagged as such in their .desktop files?
>
>     Rodney> What about trusted applications with security flaws, that
>     Rodney> handle "trusted" types? A tar.gz might be considered "safe",
>     Rodney> but could expose a security flaw in gzip.
>
> That's a bug.
> There are always bugs.
>
> A python script which can run "rm -rf /", is a feature.
> It will always do that.
Bug or not, the level of safety there must be determined by the user. One user's safe is another user's ZOMG! No amount of software abstraction is going to change that. It just seems silly to me that we keep trying to write software to be smarter than the user, rather than just writing software that works for the users. While the majority of people on the planet don't know what a python script is, it will still be very annoying to have to click through an extra dialog every time I want to view a python file on web svn.

One very important design heuristic that should be followed here is "Always let the user feel in control." If the user doesn't feel like she can control what's happening, the software is going to be an annoyance more than an assistance. Inciting fear with a pop-up stating that a file might contain malicious code, for only a small subset of the possible files that might do so, doesn't actively make the situation any better.

Why not have magic matches for known malicious data in files, instead of just blanketing whole mime types? Doing that would take care of even files we think we might trust, like JPEGs, without being overly intrusive in the UI when not necessary. Because, really, by definition, any file not explicitly created by the user should be considered potentially unsafe. And even some files created by the user should be considered unsafe, because we don't know if the software that created it is safe.

-- 
dobey

_______________________________________________
xdg mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/xdg
