On Fri, 2003-12-26 at 01:19, Fabio Gomes wrote: > Some people are telling that if we use file suffixes to determine MIME > types, GNOME will have the same vulnerabilities that Windows has. This > is not true. Look, let's put it into real terms. A file type is not determined by it's extension. The detection-by-extension ethos is a _hack_. A hack to make things easy, but as with all hacks it has it's drawbacks and some massive ones at that. We could debate all night on what those drawbacks are. The reality is that a file's type is determined by two things: it's content and what the user wishes. Yes, file sniffing is slow. So implement it in a way that does not affect the user. Last time I used Nautilus, I could scroll up and down and jump between folders without extra pause, whilst Nautilus updates itself in the background. So what is the issue? It only updates what is in immediate view (as I recall) so you just scroll to your desired file and, if necessary, wait the 2s for it to be detected. If Nautilus is wrongly detecting a file type it is a _bug_ and should be dealt with as such. It is nothing to do with the system used by Nautilus. Detection of type by file extension is far more error prone and relies much more on correctness of user input which is an unreasonable expection on lay users. If you are having a problem opening a file in your preferred application, that is a shortcoming on behalf of the Nautilus interface and is a _bug_ or a _missing_feature_ and should be addressed as such. > The bugs present in Micros~1 Windows are not due to file type detection > by suffix. Wrong, they are. By due nature of the ridiculous method, people associate .jpg files or .gif files as images. This introduces a problem with visual association. Somebody gets an email with an attachment such as 'pretty.jpg.exe' or 'sexy.gif.pl' and they open it up. Yes, this is due to file type detection by suffix because you are subconciously causing people to recognise file types by file suffix and hence they can be easily mislead. You are expecting either 1) an unreasonable level of technical education or 2) an unrealistic level of file/email security in order for this not to introduce security issues. Period. One goal of Gnome is to make Free Software desktops a global reality (as if it already isn't). Introducing notions that add to the confusion just to save a few cpu cycles and/or to make things look snappier on-the-surface is no way to achieve that goal; unless you want a buggy, insecure system but that niche is already well filled. I wish this pointless discussion would go away. It's clogging up my inbox. Really, there's some damn clever guys hacking Gnome and this fairly important issue will have been rehashed over and over and over again by people far more active, informed, and intelligent than either you or me. - Charlie -- Charles Goodwin <charlie@xxxxxxx> Member of the XWT Foundation The future of the net - www.xwt.org _______________________________________________ gnome-list mailing list gnome-list@xxxxxxxxx http://mail.gnome.org/mailman/listinfo/gnome-list
