Well, yes: the store does advise caution, as we have little control over themes and widgets uploaded by their parties. The same way we would advise caution about running random software downloaded from the internet. That said, it does say KDE Store, so we should have some degree of control over it for our users’ sake. That is what we are working on.
That said part II, we can’t do with it the wider communities support. There simply isn’t the human resources necessary. The 2 options we have are to close down the store completely (but then people will just go to random GitHub repos and download stuff from there), or try to leverage the community to help us locate and remove (or at least quarantine) dodgy products.
One obvious fact that I though would never need to be reiterated (but here we are):
Almost all OpenSource licenses approved by OSI and/or FSF have “Disclaimer of Warranty” clause in one way or another. This is from MIT:
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
Fix the backends so that for example dolphin extensions are directly installed in the correct way and dont even need such scripts
Restrict extensions and themes to be nonexecutable at least by default
Involve the community to mark “dangerous addons” that need executable scripts to install themselves or work; and to report malicious addons; and to add an enforced test before the addon is published
Of course a dolphin extension always executes code. I think hiring a bunch of KDE users as pretesters could work, to enforce that every extension needs to be tested by the 2 community members to end up in the store. There could also always be a way to unhide untested addons etc.
And enforcing stricter guidelines for the extensions is also important of course
Well, yes: the store does advise caution, as we have little control over themes and widgets uploaded by their parties. The same way we would advise caution about running random software downloaded from the internet. That said, it does say KDE Store, so we should have some degree of control over it for our users’ sake. That is what we are working on.
That said part II, we can’t do with it the wider communities support. There simply isn’t the human resources necessary. The 2 options we have are to close down the store completely (but then people will just go to random GitHub repos and download stuff from there), or try to leverage the community to help us locate and remove (or at least quarantine) dodgy products.
@Bro666
One obvious fact that I though would never need to be reiterated (but here we are):
Almost all OpenSource licenses approved by OSI and/or FSF have “Disclaimer of Warranty” clause in one way or another. This is from MIT:
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
https://opensource.org/license/mit
More examples:
https://opensource.org/license/gpl-3-0#section15
And this too. I mean, it is not like it is the fine print either. They capitalise the whole paragraph.
Absolutely, and I would like to help with that.
But I think there are multiple parts to this:
Of course a dolphin extension always executes code. I think hiring a bunch of KDE users as pretesters could work, to enforce that every extension needs to be tested by the 2 community members to end up in the store. There could also always be a way to unhide untested addons etc.
And enforcing stricter guidelines for the extensions is also important of course