On Thu, 2008-03-27 at 15:45 -0400, Jason Hoover wrote: > On Wed, 2008-03-26 at 16:23 -0400, Yuval Levy wrote: > [...]
> the only true security is an > > option not to write thumbnails to disk in the first place. Which is the approach taken by certain other operating environments... > Then why not simply disable thumbnails in the first place? Because you want them. > There appears to be some discrepancy and two clear camps. > > The first position is: "I like cached thumbnails and dislike having to > thumbnail the same things every time." [...] > The second, yours: "I like cached thumbnails and want them to be kept on > the individual media." These are not the only sensible possible approaches. MS Windows (like a number of Unix systems and programs) puts the thumbnails on the device, and it would certainly make sense for a desktop filemanager such as nautilus to be able to make use of "Thumbs.db"; the Mac (both OS X and older) similarly makes a desktop file on each drive that we could sensibly use if present, at least as a starting point. If a device is not writeable, or perhaps if a configuration file is present on the device that disallows thumbnails on the device, then the thumbnails have to be stored in a cache elsewhere. Said configuration file, if it existed, could also give an expiry time for the thumbnails, and that would be a useful feature for many people (whether managed explicitly via a UI, or per-drive user defaults, or whether you have to edit the file), including people who distributed DVDs of images. > [...] > a user might create a .thumbnail directory in a drive with the > permissions 700, and then prevent any other users from making thumbnails > in your proposed design. The existing spec avoids this. So does mine :) > > Scenario number two; even under your system, the potential exists for > there to be thumbnails of images which /have been deleted/. That's true in all the scenarios. Checking for it (1) when a device is unmounted vie e.g. gnome-mount -u, and (2) when thumbnails are accessed, and of course (3) when images are deleted, may help. It doesn't solve it 100% as you can use command-line operations to unmount a drive, or just pull it out, or there can be a powr failure. > This really only leaves two options: > > 1) Disable thumbnails. > 2) Make the thumbnails more easily removed. > > Perhaps the 'clear document history' option should be expanded to this > function? This provides a compromise; people who don't like their > information recorded can remove it at will, and people who don't care or > trust their own systems can keep it while still maintaining the full > functionality and benefits of the thumbnail system. perhaps it's a litlte like the Clear Browser Cache option, and yes, is sensible. Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Pictures from old books: http://fromoldbooks.org/ Ankh: irc.sorcery.net irc.gnome.org www.advogato.org _______________________________________________ Usability mailing list Usability@gnome.org http://mail.gnome.org/mailman/listinfo/usability
