On Wed, 2017-09-13 at 15:30 +0100, Phil Wyett wrote: > On Wed, 2017-09-13 at 13:36 +0000, Donncha O'Cearbhaill wrote: > > Jeremy Bicha: > > > > > > It's not just a UI change but a translatable string change. The new > > > dialog that users will have to use to mark .desktop's as trusted will > > > be untranslated. > > > > > > Therefore, if you want this feature, you will need to use Nautilus >= > > > 3.24 which means you will need to upgrade to buster. > > > > > > > I understand backporting is more difficult when there are user facing UI > > and localisation changes. AFAIK the only new translatable string in the > > patch is "Trust and _Launch". Would it be possible to include the > > translations for that string with this backport patch? > > > > Personally I don't consider this change a *feature*, it is a fix for a > > serious security issue affecting Debian stable users (and Tails). The > > issue is trivially exploitable against the default configuration. > > > > Video demonstrating the issue: > > https://twitter.com/bleidl/status/851969179980845056 > > More information and an example: > > https://github.com/DonnchaC/desktop-file-social-engineering > > Hi, > > Please note that the debdiff I provided was essentially a raw backport for > testing and I thought it may have issues. It was never meant as a 'here it is, > all done' patch ready for submission as a stable update. > > I am a little busy at the moment, but if I can help here, I will. > > Regards > > Phil >
Hi, Has anyone looked at how Red Hat are approaching this issue? RHEL 7.4 is gnome 3.22 and using nautilus 3.22.3 I believe. Regards Phil -- *** If this is a mailing list, I am subscribed, no need to CC me.*** Playing the game for the games sake. Web: https://kathenas.org Github: https://github.com/kathenas Twitter: kathenasorg Instagram: kathenasorg
signature.asc
Description: This is a digitally signed message part
