On Thu, 23 Mar 2006 09:05:32 -0700, Aaron J. Seigo wrote: > is there such an example .desktop file we can get our hands on to look at, > test and assess the situation directly?
http://article.gmane.org/gmane.comp.autopackage.devel/4671 > what prevents a malicious .desktop file from using any of the other icons we > ship and pretending to be something else? looking through just the > Application icons i have on disk here, any number of them could be used to > pretend to be a movie, an mp3, a word processing document ..... Well, nothing I guess, but if it looks like an application icon at least the user might expect it to do run something when clicked. MIME type icons are usually recognisable in most icon themes by having a paper background, it's a simple enough heuristic. I'm open to alternative ideas though. An emblem for executable .desktop files? That'd kinda suck though, I have a bunch of launchers on my desktop and don't really want them cluttered up with some intrusive overlay. I already know they're executable! Requiring them to be +x was another alternative, but it breaks backwards compatibility with some non-trivial number of deployed apps. And the usability implications of requiring users to go to properties and check a weird box are not good (it's like warning dialog fatigue i think ...) _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
