Limiting exports from xdg-app

I just landed a change in xdg-app that forces all the exported files
(icons, desktop files, service files, etc) to be prefixed with the
application name. I as well limited the app names to be a subset of dbus
well known names, but not allowing "-" in them (so that - can be used to
e.g. separate the app name and the rest in exported file names, such as
org.gnome.Foo-symbolic.png). The details are in git commit, but
essentially, these filenames are allowed:
  org.gnome.gedit-symbolic.svg (- is not a valid character)
However, these are not:

This, coupled with some code that only allows one branch/version of a
particular app to be exported at the same time does away with conflicts
between unrelated apps.

There are however some types of conflicts left:
* same app name could be installed in system/user dirs
* If is installed, some other app could
  install a subservice overriding the other one
* Independent of the app name, an app could install a desktop file
  with a description and icon that matches a system installed app.

I'm not sure how to "protect" against something like this though... The
second could be avoided with some way to strongly tie the app to the dns
name, but that will be a pain for app developers. The last is really
only fixable by having some kind of review/testing and trust system in
the app repository.

 Alexander Larsson                                            Red Hat, Inc 
       alexl redhat com            alexander larsson gmail com 
He's a gun-slinging amnesiac boxer who must take medication to keep him 
sane. She's a pregnant kleptomaniac soap star living homeless in New 
York's sewers. They fight crime! 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]