Re: [Nautilus-list] Idea for Nautilus and GMC



I'm not on this list, so if you reply do, please reply-all.  I am
responding because we had this exact discussion on the KDE
list.  We never came to an agreement but there was also a
heated discussion.  Since so many people are on either side,
it probably is best to have this configurable....but I doubt anyone
has implemented it.   However, I thought Nautilus already did
something similar for .run and .sh files.

This is my opinion:

1.) .run and .sh (and other "normal" executable extensions) have
a warning by default with a "Don't show me this again" check box.

2.) All other files  should ALWAYS give a warning(like the one
Christian gave) because of the possibility of a malicious file
masquerading as an image/document or other file.

However, the problem with this is there are many executables with
no extension...like "installer" or "linux-install"  I don't know whether
should make the compromise.

I would also like to point out to security police that many people have
security as a very low priority(compared to ease of use and productivity)...
Mandrake has security options of "Crackers, Low, Medium, etc"...and I
bet you many, many people have it set to "Crackers" or "Low"  (otherwise
you lose functionality like remotel X sessions).  However, it is still our
responsibility to protect end users as much as we can, so the results are:

1.)  If they click on an untrusted file called "happy.run" it's their stupidity if
it's bad(I hope they can tie their shoe.).

2.)  We should protect them from clicking happy.image and getting an executable
        without their consent.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]