I am not a KDE dev, but interested in that topic.
To partiticipate you can sign up in the forum, and maybe stay a bit and help other users ;)
I am not a KDE dev, but interested in that topic.
To partiticipate you can sign up in the forum, and maybe stay a bit and help other users ;)
It’s probably worth noting that Plasma’s customization support is useful not only to people looking for a special look & feel, but also as a proving ground for new things (and new approaches to old things) that can eventually make their way into mainline Plasma. Making things harder to customize would mean fewer people experimenting, refining ideas, and solving problems. With that in mind, I think that removing customization in hopes of simplifying test cases would be a mistake.
However, it’s my understanding that some of Plasma’s customization hooks allow third-party theme components to run arbitrary code, without even a warning, sandbox, or reasonable way for the user to inspect it beforehand. (This was in the news a couple months back, IIRC.) That was more or less okay 20-25 years ago, when malware on Free operating systems was almost unheard of, but it’s dangerous and irresponsible in today’s world, where extensions/plugins have become common attack vectors. I wouldn’t mind a little loss of customization to shut down that vulnerability, at least until safer extension APIs can be built.
Yes I agree. There is a switch you can use to block installing Addons.
But that is also not nice. Sandboxing them, having a manual review process, would help. But that is a TON of work.
I also change some things like UI buttons and find it to be a core requirement. At the same time, I could live without extreme theming, or just having widgets on the panel, or just having a bottom panel etc.
This is a difficult decision, so I thought it would be a good idea to just find out what some users want.
This is why it would make sense to have a restrictive and simple API that supports basic extensions with little oversight. Configuration only; no executable code.
For the small minority of add-ons that would require executable code, there could be a separate API with a more involved installation process, making it obvious to the user that the trust and risk levels are different from the above. A sandbox feature could perhaps be developed in the long run, but that is indeed a ton of work and hard to get right, and isn’t really necessary for this approach to be effective. Just having a software-style installation process (e.g. through a distro’s package manager) and different APIs would go a long way toward protecting users.