Re: Nautilus anti-hax0r detection bug

From: Alexander Larsson <alexl redhat com>
To: Dave Ahlswede <mightyquinn letterboxes org>
Cc: Nautilus Hackers <nautilus-list gnome org>
Subject: Re: Nautilus anti-hax0r detection bug
Date: Tue, 27 Sep 2005 10:46:51 +0200

On Tue, 2005-09-27 at 04:25 -0400, Dave Ahlswede wrote:
> On Tue, 2005-09-27 at 10:19 +0200, Alexander Larsson wrote:
> > On Mon, 2005-09-26 at 09:39 -0400, Ryan Lortie wrote:
> > > Hello everyone.
> > > 
> > > I brought the issue up today with Sebastien that I'd like for him to
> > > disable Nautilus's filetype matchup code (the one that displays the
> > > annoying and occasionally comical dialog box when the extension doesn't
> > > match the detected mime type).
> > > 
> > > He's not comfortable reversing upstream decision so close to release so
> > > he encouraged me to bring the issue up on this list.  The GNOME bug has
> > > received zero attention since I reopened it just after the 2.12.0
> > > release failed to address the issue.
> > > 
> > > (( http://bugzilla.gnome.org/show_bug.cgi?id=309862 ))
> > > 
> > > Further up in the bug report Nicholas Miell comments "Current solution
> > > is just unpleasant without actually doing anything." and "You should
> > > probably disable the feature entirely until it's actually useful."
> > > 
> > > This problem bites users an awful lot in legitimate normal use-cases
> > > with a scary warning.  Unless anyone knows a good reason otherwise, can
> > > we please get rid of this hack until it actually works?
> > 
> > It used to be the case that you never got a warning when the two
> > mimetypes would be opened in the same applications, but apparently Manny
> > broke that with his recent change to this code. We should at least get
> > this old behaviour back, which should fix your cgi/diff problem.
> > 
> > The text of the dialog is sort of bogus, it really isn't likely to be a
> > security problem. There is a problem though. If we fix the warning to
> > not trigger anymore when the same app would launch then the warning will
> > only happen in cases where we're not really sure what to do with the
> > file. In that case, should we just always trust the sniffed type, or the
> > filename type? One is guaranteed to be wrong...
> 
> Would it be feasible to present a dialog saying something to the effect
> of "I can't tell whether this is type X or type Y-- which do you
> think?", with buttons to "Open as type X" and "Open as type Y"? It's
> still somewhat bothersome, but it saves a right click.

Yeah, that would probably be better. It'll remove the mention of
security, and lets you easily do the "right" thing.  

At the moment I've at least made it so that the warning is only
displayed if both: 
1) The mimetype of the sniffed type is not the same as, an alias of, or
a subclass of the mimetype taken from the filename.
2) The two mimetypes both have default applications, and they differ.

In these cases we really don't know which app to pick.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a war-weary vegetarian cat burglar from the 'hood. She's an elegant 
junkie detective who dreams of becoming Elvis. They fight crime!

References:
- Nautilus anti-hax0r detection bug
  - From: Ryan Lortie
- Re: Nautilus anti-hax0r detection bug
  - From: Alexander Larsson
- Re: Nautilus anti-hax0r detection bug
  - From: Dave Ahlswede

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]