WARNING: Global themes and widgets created by 3rd party developers for Plasma can and will run arbitrary code. You are encouraged to exercise extreme caution when using these products.
You are only browsing one thread in the discussion! All comments are available on the post page.
Its entirely their fault, but it happens, and we should account for that by doing things like making these posts where people come specifically to read.
What exactly do you expect users to do when they see “WARNING: what you are doing is unsafe” message? Cause the only outcome I can think of is that they won’t install themes at all.
As someone who works in infosec, that’d honestly be an ideal outcome. Because users don’t check their sources.
What would be better is if countermeasures such as not allowing that kind of code to be run by the theming engine and also code scanning on the repository with automatic takedowns on detection were put in place.