Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.

[Miguel de Icaza <miguel ximian com>]

> Why are you even bothering to try to argue about this?! It's not like
> this is unexplored territory and no one knows what will happen if we
> try. You are proposing to give Evolution *exactly* the functionality
> that has made Outlook as grotesquely insecure as it is. The warning
> message in your wrapper program is even similar to the demonstrated-
> to-be-absolutely-useless warning that Outlook gives in this case.

Mhm?  When did I talk about Evolution.  I am talking about Nautilus.

What this means for Evolution is:

        1. You have to save the file into the hard drive (ie, the
           "view image inline" feature from your example will *not*
           work).

        2. You have to go to your file manager.

        3. You have to locate the file that you have just "saved" from
           Evolution.

        4. You double click on the file.

        5. You get a warning (that defaults to `No') for trying to
           execute the binary.

        6. You make a decision (or you just hit the default, which is
           dont do anything)

This is different from double clicking on an attachment and getting a
dialog.  

I think we are talking about two completely different things here.
This is indeed explored terriory, and we have seen problems spread
through e-mail, not through double-click-on-executable-to-run.

> You have exactly missed my point. I'm claiming that it is (in the
> general case) just as "secure" with the warning as it is without, so if
> you don't feel comfortable shipping it without the warning, you
> shouldn't feel comfortable shipping it with either.

The warning default to `No'.  So if you do not read dialog boxes, and
are just quick to dismiss things, the right thing will happen.

Migue.l.