March 21, 2024 at 03:10PM
The KDE team warns Linux users to be cautious when installing global themes from the official KDE Store, as these themes can run arbitrary code on devices, potentially causing data loss. They lack resources to review the code of each submitted theme and advise users to be vigilant and report any faulty software.
Key takeaways from the meeting notes:
1. The KDE team warns Linux users about the potential risks of installing global themes from the official KDE Store, as these themes can run arbitrary code on devices, leading to unexpected consequences, including data loss.
2. The current state of the KDE Store allows anyone to upload new themes and plugins without any checks for malicious behavior, and KDE lacks the resources to thoroughly review the code used by each global theme submitted for inclusion in its official store.
3. A specific incident was reported where a faulty global theme executed the ‘rm -rf’ command, resulting in the permanent deletion of a user’s personal data from mounted drives without any warning or confirmation.
4. KDE promises to start vetting store content and improving the warnings provided to users before installing community-developed themes and plugins. They also ask the community to report faulty software already available through the KDE Store.
5. The KDE team recommends that users exercise caution when installing and running software not provided directly by KDE or their distros, and advises checking content locally or looking for reviews from trusted sources if installing from the store.
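One way to check a downloaded theme locally before installing it, as point 5 advises (an added example, not KDE tooling or code from the original article): the script reads a tar archive without extracting it and flags executable files, shebang scripts and commands such as the rm -rf from point 3. The patterns, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Heuristic patterns chosen for this example (assumptions, not a KDE-defined list).
RISKY = {
    "recursive delete": re.compile(rb"\brm\s+(?:-[\w-]+\s+)*-\w*[rR]"),
    "network fetch": re.compile(rb"\b(?:curl|wget)\b"),
    "privilege escalation": re.compile(rb"\b(?:sudo|pkexec)\b"),
}
MAX_READ = 1 << 20  # inspect at most 1 MiB per member


def scan_theme_archive(fileobj):
    """Return sorted (member, finding) pairs without extracting anything to disk."""
    findings = set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.add((m.name, "path escapes extraction directory"))
            if m.issym() or m.islnk():
                findings.add((m.name, "link to " + m.linkname))
            if not m.isfile():
                continue
            if m.mode & 0o111:
                findings.add((m.name, "executable bit set"))
            data = tar.extractfile(m).read(MAX_READ)
            if data.startswith(b"#!"):
                findings.add((m.name, "script with shebang"))
            for label, pattern in RISKY.items():
                if pattern.search(data):
                    findings.add((m.name, label))
    return sorted(findings)


def build_sample():
    """Constructed sample archive; file names and contents are made up."""
    files = {
        "demo-theme/metadata.json": (0o644, b'{"Name": "Demo"}\n'),
        "demo-theme/contents/install.sh": (0o755, b'#!/bin/sh\nrm -rf "$HOME/$OLD_DIR"\n'),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (mode, body) in files.items():
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf
```

Heuristics like these only point at files worth reading by hand; an empty result does not show that a theme is harmless.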
Overall, the meeting notes highlight the urgent need for improved security measures and vetting processes for global themes and plugins in the KDE Store to protect users from potential data loss and other unexpected consequences.