[arch-dev-public] Wine association, waht should we do?
Aaron Griffin
aaronmgriffin at gmail.com
Thu Aug 28 20:10:23 EDT 2008
On Thu, Aug 28, 2008 at 6:45 PM, Eduardo Romero <k3nsai at gmail.com> wrote:
> On Fri, 2008-08-29 at 09:06 +1000, James Rayner wrote:
>> And just to clarify something...
>> 1) KDE (not wine), just _alerted_ that there was an autorun available.
>> So it's a KDE feature, not wine.
>> 2) It only alerted that there's an autorun available (presumably
>> checking for autorun.inf) but did not run it. You had to click OK to
>> execute the autorun
>> 3) It makes sense for wine to be bound to exe's. Exe's should be
>> treated no different to any file type, as any file could possibly
>> contain a danger. Don't click an exe you dont trust, like you wouldnt
>> click a shell script or binary or any other file you don't trust the
>> source.
>>
>> So just to get things straight, no executable/autoruns are run without
>> asking the user first. There's no real "consequences" to speak of,
>> unless you're silly enough to click OK for a disc you don't trust.
>>
>> And hey, it was kinda convenient.
>
> Yeah, I kind of got that all, as I said for the 20th time, since I
> didn't had much time to research on the situation I brought it up here
> to see if developers thought it was a security thread. But we all know
> by now that it is not. Thanks for your message anyways.
If anyone asks, tell them the real threat is PEBKAC!
More information about the arch-dev-public
mailing list