71
Malicious KDE theme can wipe out all your data (www.reddit.com)
submitted 6 months ago* (last edited 6 months ago) by wisha@lemmy.ml to c/kde@lemmy.kde.social
33 comments fedilink hide all child comments

Or is it just buggy?

you are viewing a single comment's thread
view the rest of the comments
[-] Pantherina@feddit.de 1 points 6 months ago

Why do global themes need to do that? Arent they just color and image files, maybe audio?

It doesnt really matter if the code was malicious or not, this should not be possible.

Another example of how damn insecure linux is. Just because its not the snap store, we dont have tons of malicious addons on pling.

[-] Mehrad@fosstodon.org 0 points 6 months ago

@Pantherina
Yeah, by the same logic lets also call hotdogs dangerous because people have also choked on them!

https://nypost.com/2023/07/11/4-year-old-girl-dies-after-choking-on-costco-hot-dog-report/

At some point we should understand and agree that PEBKAC is a real thing. Logic dictates not to blame Linux and hotdog, and instead understand the consequence of using unverified/unvetted software.

@Bro666

[-] Bro666@lemmy.kde.social 4 points 6 months ago

Well, yes: the store does advise caution, as we have little control over themes and widgets uploaded by their parties. The same way we would advise caution about running random software downloaded from the internet. That said, it does say KDE Store, so we should have some degree of control over it for our users' sake. That is what we are working on.

That said part II, we can't do with it the wider communities support. There simply isn't the human resources necessary. The 2 options we have are to close down the store completely (but then people will just go to random GitHub repos and download stuff from there), or try to leverage the community to help us locate and remove (or at least quarantine) dodgy products.

[-] Mehrad@fosstodon.org 2 points 6 months ago* (last edited 6 months ago)

@Bro666

One obvious fact that I though would never need to be reiterated (but here we are):

Almost all OpenSource licenses approved by OSI and/or FSF have "Disclaimer of Warranty" clause in one way or another. This is from MIT:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

https://opensource.org/license/mit

More examples:
https://opensource.org/license/gpl-3-0#section15

[-] Bro666@lemmy.kde.social 1 points 6 months ago

And this too. I mean, it is not like it is the fine print either. They capitalise the whole paragraph.

load more comments (1 replies)
load more comments (6 replies)
load more comments (7 replies)
this post was submitted on 20 Mar 2024
71 points (93.8% liked)

KDE

4997 readers
58 users here now

KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE’s software runs on GNU/Linux, BSD and other operating systems, including Windows.

Plasma 6 Bugs

If you encounter a bug, proceed to https://bugs.kde.org, check whether it has been reported.

If it hasn't, report it yourself.

PLEASE THINK CAREFULLY BEFORE POSTING HERE.

Developers do not look for reports on social media, so they will not see it and all it does is clutter up the feed.

founded 1 year ago
MODERATORS
carlschwan@lemmy.kde.social
Bro666@lemmy.kde.social
herzenschein@pawb.social
Aniqakhokhar@lemmy.kde.social