Re: Automatic downloading of non-free software by stuff in main
On Thu, 2017-12-07 at 22:04 +0100, Adam Borowski wrote:
> I might be inattentive, but I did not notice a single pro mentioned
> on
> this thread. The only part, Windows-like "you downloaded this file
> from the
> Internet, it may be bad" popup, can be done with a boolean, and is
> still a
> dubious idea.
Pros:
I periodically have to figure what former grad student have done for
their computational experiments when they've left with nothing but
access to their home directories. The source for where input data came
from would be helpful.
As a flag to indicate to automated processes, such as desktop indexers
that should not blindly read a file.
Cons:
Metadata can be used against you.
I personally would find the URL helpful when faced with trying to
figure out where MyResults3.txt came from.
Based on this discussion what I'd like to see:
The XDG standard for where to store URL information, should also
include a standard way to turn this feature on or off.
Given issues with managing potentially hacked end users I would like it
if toggling the state required administrator privileges.
It should also be clearly defined in which situations the metadata
should be removed.
For instance it would be nice if copying the data between "my"
computers via nextcloud or scp would preserve the attribute, but
sending the file out via email or "untrusted" USB sticks would remove
the attribute.
That might be too hard, so a first milestone might be be moving or
copying the file around the same file system should protected the
attribute, and it should be stripped when the file is moved to a
different file system.
I don't know if xattrs can be locked to specific users, but it might
also be reasonable that on multiuser systems an attribute like this
should only be viewable by the owner & root.
Diane
Reply to: