On April 4, 2010 11:02:30 Marco Martin wrote: > On Sun, Apr 4, 2010 at 3:39 PM, Diego Casella ([Po]lentino) > > <polentino...@gmail.com> wrote: > > Hi guys, > > sorry for being late, however here it is my proposal for this summer of > > code. > > Since, during PlasMate development, we talked a bit about the possibility > > to verify the plasmoids downloaded from kde-look.org or opendesktop.org, > > I think about it for a while and I came whit the idea to improve > > plasmaengineexplorer (plus plasmapkg and PlasMate, if there wil be > > enough time) in order > > to use the QCA api to provide plasmoids authentication. Here it is my > > implementation details (see the full proposal here > > http://socghop.appspot.com/gsoc/student_proposal/private/google/gsoc2010/ > > diego_casella/t127038771188): > > > > My idea is to use the QCA framework in order to verify the signature of > > the plasmoids downloaded from kde-look.org, opendesktop.org, or > > installed with plasmapkg/PlasMate. This will require patching the plasma > > widgetexplorer and plasmapkg (and also PlasMate in order to support the > > package signing process, if time permits that). > > This is a must have and was in the todo since day one... > as Chani said i'm not sure if is better at Plasma Package level or at > a broader thing for all ghns stuff >
hmm. honestly I think we'll want it at *both* levels in the end. the GHNS dialog will need to ask the server about the security rating, so some sort of server-side support needs writing for that. but we also want to check the security of manually downloaded plasmoids (or, say, a plasmoid that a friend emailed us). so we want it in Plasma too. it probably makes sense to start it in plasma, and spread it from there. :) oh, another thing: the kcm part of the proposal was kinda vague. I expect that it'll be just a simple thing, and advanced key-management stuff will be left to programs like kgpg... we don't want to scare people off. :) of course most will just leave it with the default KDE key anyways.. hrrm... what exactly is the kcm needed for? can't you just check which keys I trust in my keyring? -- This message brought to you by eevil bananas and the number 3. www.chani3.com
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
