Olav: >> Isn't it possible to install .desktop files in the user's $HOME >> directory? If someone were to trick a user into installing a >> .desktop file with a script that does something malicious, is there >> anything to protect the user from the malicious thing happening the >> next time the program corresponding to the desktop file crashes? > > Bug-Buddy especially ignores .desktop files in the $HOME directory. This > wasn't actually done as a security issue, just that the system .desktop > file usually is the only one to contain the special Bugzilla headers.
Perhaps a decision about how it should work should be made and documented so people understand how it is intended to work? >> Since .desktop files can be shipped by 3rd parties, is there any >> privacy issues about collecting information and forwarding it along >> to a bug database. For example, core files might contain passwords, >> so might not be appropriate to forward as an attachment to a public >> database. Will there be any way for the end user to control what >> sorts of data can be collected and forwarded with a bug report? > > You can see what is collected beforehand. I'd think it would be nice to completely turn off this feature if the user doesn't want data collected on their machine to be forwarded externally. Brian _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
