Hi guys, sorry for being late, however here it is my proposal for this summer of code. Since, during PlasMate development, we talked a bit about the possibility to verify the plasmoids downloaded from kde-look.org or opendesktop.org, I think about it for a while and I came whit the idea to improve plasmaengineexplorer (plus plasmapkg and PlasMate, if there wil be enough time) in order to use the QCA api to provide plasmoids authentication. Here it is my implementation details (see the full proposal here http://socghop.appspot.com/gsoc/student_proposal/private/google/gsoc2010/diego_casella/t127038771188 ):
My idea is to use the QCA framework in order to verify the signature of the plasmoids downloaded from kde-look.org, opendesktop.org, or installed with plasmapkg/PlasMate. This will require patching the plasma widgetexplorer and plasmapkg (and also PlasMate in order to support the package signing process, if time permits that). Basically, when downloading a scripted plasmoid, the widget explorer will extract a file containing the signature of the plasmoid, and check its validity with a set of public keys shipped with KDE, or a set of custom imported keys (manageable from a KCM module): if the validation process is successfull against the original KDE keys, the widget explorer will show a green flag in a corner of the corresponding plasmoid icon, meaning that the plasmoid has been made from a KDE developer, so you can trust it. If the validation is successful with a custom key imported by the user, a yellow flag will be displayed instead, meaning that plasmoid is signed and you trust the developer who released that plasmoid. If no keys are matched, or the plasmoid is shipped without a signature file, a red flag will be shown, meaning "use it at your own risk". Tooltips will be also patched in order to show these informations. Any feedback, suggestion or advice is welcome ! Cheers, -- Diego
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
