Malicious KDE theme can wipe out all your data - eviltoast
  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    8 months ago

    Absolutely, and I would like to help with that.

    But I think there are multiple parts to this:

    1. Fix the backends so that for example dolphin extensions are directly installed in the correct way and dont even need such scripts
    2. Restrict extensions and themes to be nonexecutable at least by default
    3. Involve the community to mark “dangerous addons” that need executable scripts to install themselves or work; and to report malicious addons; and to add an enforced test before the addon is published

    Of course a dolphin extension always executes code. I think hiring a bunch of KDE users as pretesters could work, to enforce that every extension needs to be tested by the 2 community members to end up in the store. There could also always be a way to unhide untested addons etc.

    And enforcing stricter guidelines for the extensions is also important of course