this post was submitted on 19 Jul 2024
31 points (100.0% liked)

KDE

112 readers
5 users here now

KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE’s software runs on GNU/Linux, BSD and other operating systems, including Windows.

Plasma 6 Bugs

If you encounter a bug, proceed to https://bugs.kde.org, check whether it has been reported.

If it hasn't, report it yourself.

PLEASE THINK CAREFULLY BEFORE POSTING HERE.

Developers do not look for reports on social media, so they will not see it and all it does is clutter up the feed.

founded 1 year ago
MODERATORS
 

I am not a KDE dev, but interested in that topic.

To partiticipate you can sign up in the forum, and maybe stay a bit and help other users ;)

you are viewing a single comment's thread
view the rest of the comments
[–] boredsquirrel@slrpnk.net 3 points 4 months ago (1 children)

Yes I agree. There is a switch you can use to block installing Addons.

But that is also not nice. Sandboxing them, having a manual review process, would help. But that is a TON of work.

I also change some things like UI buttons and find it to be a core requirement. At the same time, I could live without extreme theming, or just having widgets on the panel, or just having a bottom panel etc.

This is a difficult decision, so I thought it would be a good idea to just find out what some users want.

[–] mox@lemmy.sdf.org 2 points 4 months ago* (last edited 4 months ago) (1 children)

Sandboxing them, having a manual review process, would help. But that is a TON of work.

This is why it would make sense to have a restrictive and simple API that supports basic extensions with little oversight. Configuration only; no executable code.

For the small minority of add-ons that would require executable code, there could be a separate API with a more involved installation process, making it obvious to the user that the trust and risk levels are different from the above. A sandbox feature could perhaps be developed in the long run, but that is indeed a ton of work and hard to get right, and isn't really necessary for this approach to be effective. Just having a software-style installation process (e.g. through a distro's package manager) and different APIs would go a long way toward protecting users.

[–] boredsquirrel@slrpnk.net 1 points 4 months ago

And KDE components could be migrated to use that API and be separatable.

Currently it may be a bit messy.