Re: Document Centricity in GNOME [LONG]

On Tue, 9 May 2000, Brian F. Kimball wrote:

> I *really* like the "Open Safely" idea.

I'm glad.

> "Open
> Safely"  could be the equivalent of "gless BIG_NASTY_WARNING_FILE &&
> application" for the insecure apps, which would have the added benefit
> of pressuring the application writer to actually provide some security.

Actually, I believe that in that case the "Open Safely" action should be
left empty. If the user *really* wants to run the document, he can
right-click and choose "Open". Of course, the application (e-mail client,
browser, file-manager) should warn him about it.

> In the case of documents that are pure code (like shell scripts), "Open
> Safely" can be the same as "Open" which should open the file in the
> user's favorite pager.  "Run" should actually execute it.

Actually, I disagree: "Open" should be equivalent to "Run". "Open Safely"
should be "Run inside sandbox" (or safely, or restricted execution, or
whatever it is the language calls it). If there is no "sandbox" mechanism,
just don't add "Open Safely" to this file type. "Edit" should open
it up in an editor (specialized for the language, perhaps: maybe I want to
edit my Python scripts in IDLE, for example).
 
> IMHO "Open Safely" is absolutely wonderful because its very presence
> immediately informs users that "just opening" a document isn't 
> necessarily safe, and that one should take precautions when dealing with 
> files from untrusted sources.

Well, I more think about choosing the right defaults. E.g., a file-browser
should "Open Safely" by default documents that I'm not the owner of.
 
> The only problem is liability... if "Open Safely" mistakenly opens a
> file unsafely or if a bug in the application is exploited, some very
> pissed off users might think they have good reason to sue, because they
> were told they were safe.

Hmmmmm...."Open Safely" reduces the problem to trusting an application you
know you can trust because (e.g.) it comes from HelixCode as opposed to
"it comes from this really neat guy who's absolutely super"<wink>
 
> So we can't expect software that lets us disable potentially harmful
> features, but we can require that everyone design their file types in
> such a way that the "code" is in a separate file?  Please explain how
> you plan to get Microsoft, the rest of the software industry, and the
> entire free software community to agree to this.

Not to mention that it *damages usability*. I want to be able to embed
guile-scripts within a Gnumeric document, which calculate something
Gnumeric couldn't. Why shouldn't I?

--
Moshe Zadka <moshez@math.huji.ac.il>
http://www.oreilly.com/news/prescod_0300.html
http://www.linux.org.il -- we put the penguin in .com
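The action policy sketched in this exchange ("Open" runs the document, "Open Safely" runs it in a sandbox and is simply absent for types with no sandbox, "Edit" opens an editor, and files the user does not own default to the safe choice), written out as a small Python dispatcher. This is an added example, not code from the thread or from GNOME: the file-type registry, the `sandbox-run` wrapper, and the helper names are assumptions, and the decision to fall back to "Edit" rather than run anything when an unowned file's type has no sandbox is my reading of "leave it empty", not a stated rule.

```python
"""Resolve which actions a file offers and which one a file-browser should
pick by default. Hypothetical example; registry entries and commands are
constructed placeholders, not real GNOME configuration."""
import os
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FileType:
    description: str
    open_cmd: Optional[str]     # "Open" == "Run" for code-bearing documents
    sandbox_cmd: Optional[str]  # restricted execution; None when the language has none
    edit_cmd: str               # always present: viewing in an editor runs nothing


# Constructed registry. "sandbox-run" is a hypothetical wrapper, not a real tool.
REGISTRY: Dict[str, FileType] = {
    "text/x-python": FileType("Python script", "python {f}", "sandbox-run {f}", "idle {f}"),
    "application/x-sh": FileType("shell script", "sh {f}", None, "gedit {f}"),
}


def available_actions(mime: str) -> List[str]:
    """Menu entries for a MIME type. "Open Safely" appears only if a sandbox exists."""
    ft = REGISTRY.get(mime)
    if ft is None:
        return []
    actions: List[str] = []
    if ft.open_cmd:
        actions.append("Open")
    if ft.sandbox_cmd:
        actions.append("Open Safely")
    actions.append("Edit")
    return actions


def default_action(mime: str, owned_by_me: bool) -> Optional[str]:
    """Default double-click action.

    Files I own run normally. Files I do not own run sandboxed when possible;
    if the type has no sandbox, nothing executes by default and the user has
    to pick "Open" explicitly (assumption: "Edit" is the non-executing fallback).
    """
    actions = available_actions(mime)
    if not actions:
        return None
    if owned_by_me:
        return "Open" if "Open" in actions else "Edit"
    if "Open Safely" in actions:
        return "Open Safely"
    return "Edit"


def command_for(mime: str, action: str, path: str) -> str:
    """Build the command line for an action, quoting the path for the shell."""
    ft = REGISTRY[mime]
    template = {"Open": ft.open_cmd, "Open Safely": ft.sandbox_cmd, "Edit": ft.edit_cmd}[action]
    if template is None:
        raise ValueError(f"{action!r} is not offered for {mime}")
    return template.format(f=shlex.quote(path))


def owned_by_current_user(path: str) -> bool:
    """Ownership test a file-browser would apply before choosing the default."""
    if not hasattr(os, "getuid"):  # non-POSIX platforms: treat as not owned (safe side)
        return False
    return os.stat(path).st_uid == os.getuid()


if __name__ == "__main__":
    for mime, owned in (("text/x-python", False), ("application/x-sh", False), ("application/x-sh", True)):
        act = default_action(mime, owned)
        print(mime, "owned" if owned else "foreign", available_actions(mime), "->", act,
              command_for(mime, act, "some file") if act else "")
```

Two points the code makes concrete: the sandbox is a property of the file type, so the menu never advertises a safety it cannot deliver, and ownership (something the browser can check with a `stat`) is what flips the default from "Open" to "Open Safely".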