Mike Hearn wrote:
[...]
Surely, requiring that web browsers and email tools make all the files
they save executable cannot be good for security...
Only .desktop files, and right now +x on such a file is meaningless anyway.
Right. So now tools like wget (and shells, see below) have to know about
KDE/Gnome internal concepts like desktop files! And you criticize
Windows design?
Which is kind of the opposite of its normal meaning which can be taken
to be 'I trust this file enough that I am willing to execute it'.
Yes, it's unintuitive to reverse the meaning like that,
It's not just unintuitive, it's dangerous and unsecure too. By dictating
that tools that download file must mark .desktop files as executable you
have just removed the one thing that prevents nasty .desktop files like
the one you mentioned from being executed on the command line!
Unless you now want to mandate that bash, zsh, dash and all other shells
must also make an exception for .desktop files! As they say 'this way
lies insanity'.
--
Francois Gouget
[EMAIL PROTECTED]
_______________________________________________
xdg mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/xdg
