Reply to topic

How safe are plasma themes, add ons, from the kde store?

redfox2
Registered Member
Posts
2
Karma
0
Hi,

I'm a new KDE user and would love to spice up my KDE installation. I am a pro at tweaking gnome, unity, etc. I usually install themes and such by placing them in my local folder instead of root, and I also try to avoid ppas. I noticed that KDE has features to install customized traits such as "Get new theme", "Get new decorations" etc. I'm guessing that the content listed is from the kde store. Are things from the kde store safe? I know that getting stuff from gnome-look can potentially be malicious. I'm just curious if I should also be cautious when downloading and installing from the kde store. Thanks!
Rog131
Registered Member
Posts
632
Karma
8
KDE Store

Get Hot New Stuf

The 'Get Hot New Stuff' refers to the ability of KDE applications to download data and extensions, and provides users with the possibility of sharing their creations with the rest of the world.

More:
- KDE Technologies: Get Hot New Stuff - https://dot.kde.org/2005/03/13/kde-tech ... -new-stuff


Third party - Opendesktop.org - 'Everyone can upload their creations to share'
(before KDE-Look & KDE-Apps, now KDE Store)

More/history:
- openDesktop.org. 15 years in review - http://karlitschek.de/2016/01/opendeskt ... in-review/
- openDesktop.org changes: http://karlitschek.de/2016/01/opendesktop-org-changes/


Is this safe ?

There are some safeguards from the KDE side. A recent example: Forbid more syscalls which could modify the filesystem - https://phabricator.kde.org/D8756 .

But as the slogan says 'Everyone can upload their creations to share'. There are no review of the possible poor or malicious code. There has been ideas of the review of the KDE store stuff: https://www.reddit.com/r/kde/comments/7 ... d_whatnot/ but it will need hands/eyes to do the work.

Earlier:
- tread: YOU THERE!! Malicious script installed as a DEB, please read! - https://forums.opensuse.org/showthread. ... lease-read!


Before installation I would:

1) Look the KDE Store page - https://store.kde.org
- What the other users are telling ?

2) Look the code
- What it is installing ?
- Where it is installing ?
- How I can uninstall this ?
- Does the widget/whatever use own installation script or is it using KDE tools - kpackagetool5 ?

Note ! Use of the admin/root rights is a bad sign.

Same/same kind of: https://www.reddit.com/r/kde/comments/7 ... m_the_kde/
airdrik
Registered Member
Posts
989
Karma
1
OS
In general you should use the same level of caution downloading from the kde store as from other online 3rd-party sources of themes such as you may have used in gnome/unity (including 3rd party PPA repos).
The Get New Themes functionality in KDE downloads them to a user-local theme folder much like you would have done with gnome themes (iirc, to ~/.local/share/<app>), so you don't have to worry about admin permissions and such.


airdrik, proud to be a member of KDE forums since 2008-Dec.

 
Reply to topic

Bookmarks



Who is online

Registered users: 1user2, 1ykos, aureotoshi, Baidu [Spider], bartoloni, Bing [Bot], Exabot [Bot], funkybomber, gfielding, Google [Bot], jacob-em, johssw, jSim, Sogou [Bot], strag, thugo, tosky, Yahoo [Bot]