[Pkg-xfce-devel] Bug#517020: Bug#517020: Bug#517020: thunar: potential exploits via application launchers

David Mohr damailings at mcbf.net
Wed Feb 25 07:19:21 UTC 2009

On Wed, Feb 25, 2009 at 12:08 AM, Michael Gilbert
<michael.s.gilbert at gmail.com> wrote:
> On Wed, 25 Feb 2009 07:44:33 +0100 Yves-Alexis Perez wrote:
>> Can you point me to your patch to the specs? And your patch to the code?
> i understand that there's going to be a lot of work involved, and its
> easy for me to submit the problem, and hard for you to fix it.  i
> truely do appreciate that.  and i also understand that you're a
> volunteer, so technically, you don't really have to do anything if you
> don't want to.
> i'm just trying to help get the ball rolling.
> are [1],[2] the spec you are refering to?
> [1] http://portland.freedesktop.org/xdg-utils-1.0/xdg-desktop-icon.html
> [2] http://portland.freedesktop.org/xdg-utils-1.0/xdg-desktop-menu.html

Correct me if I'm wrong, but I think the point is that these specs do
NOT mention the supposed fix that was getting talked about in the
references on the bug report. A consensus is formed once the specs are
updated - then the fix should be implemented.

Notably there is no need to rush here because Thunar already behaves
extremely well - and does NOT manage the desktop. So the issue is
completely different than with KDE and GNOME.


More information about the Pkg-xfce-devel mailing list