On Wed, Apr 26, 2023 at 02:50:47PM +0200, Raphael Hertzog wrote: > Executing the script as default open action is IMO a very bad idea > because what you get by email is largely to not be trusted so I would > suggest that kitty be modified to not execute scripts in its URL > launcher mode (or that it gets some interactive confirmation from the > user before executing it).
Upstream has added support for prompting if a file is executable[0]. However, the current upstream version of kitty has rewritten all of its kittens in go, so the changes aren't trivially backported. For bookworm, I'm going to stop installing kitty-open.desktop, by default. Install, I will ship it under /usr/share/doc/kitty/examples and add a note to README.Debian about it. [0]: https://github.com/kovidgoyal/kitty/commit/537cabca710f64b838d3b8b1dc986db596fb29d4 Cheers, -- James GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
