On Wed, Mar 9, 2016 at 10:09 AM, Sebastian Kügler <se...@kde.org> wrote: > On Wednesday, March 09, 2016 00:55:40 kainz.a wrote: >> > No, what I mean was that what Kai was suggesting can be fabricated >> > super easily, making things look like they got VDG approval even if >> > they did not. >> >> As the VDG approval stuff comes from the icon theme and I'm the maintainer, >> it's not that easy. (I work at an company something like TÜV) > > Icons can be overridden by the user through the cascading in his home > directory, no?
well, don't think there will be a way to make it "secure", unless every single released version of the widget is actually digitally signed (may be a good thing to get started on plasmoid signing tough). if it's in the desktop file, more than malicious intent i can just see copypaste it without even knowing what it is. in the icon, the plasmoid previews are probably the icons that are more unlikely to be overridden by themes -- Marco Martin _______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
