this post was submitted on 20 Mar 2024
1 points (100.0% liked)


A user has had a bad experience installing a global theme on Plasma and lost personal data.

Global themes do not only change the look of Plasma, but also the behavior. To do this they run code, and this code can be faulty, as in the case mentioned above. The same goes for widgets and plasmoids.

We are calling on the community to help us locate and quarantine defective software by using the "Report" buttons available on each item in the KDE Store.

Please see this linked image to locate them.

Meanwhile, KDE is taking measures to properly warn users before each download and we are also putting in place ways of auditing and curating what is uploaded to the KDE store.

Nevertheless, this will take time and resources. We recommend all users to be careful when installing and running software not provided directly by KDE or your distros.

And remember to report any faulty products you find!

top 22 comments
[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

Are we all forgetting rm -rf has the --no-preserve-root safeguard? The accidental engine DataSource culprit seems unlikely. You can experiment yourself in a VM. It's only a couple lines of QML code. Nothing will happen without explicitly turning off safety.

The pling account that posted the theme was registered on February 25 2024. And suddenly it has 3800 downloads without anyone else saying anything?

Things aren't adding up. I think this had to be intentional, maliciously crafted code.

[–] [email protected] 0 points 6 months ago (1 children)

> Are we all forgetting rm -rf has the --no-preserve-root safeguard?

How will it help save the important data that's in /home?

[–] [email protected] 0 points 6 months ago

Unless you have your root dir mounted in your home directory! Thanks btrfs. It might be protected by permissions but I wiped a whole disk without --no_preserve_root. It hurts being too clever sometimes. dink meme

[–] [email protected] 0 points 6 months ago

You need to delete the a for the link to work

[–] [email protected] 0 points 6 months ago
[–] [email protected] 0 points 6 months ago (1 children)

I must ask, isn't that explicitly mentioned on the top side of the "get new..." menu?

[–] [email protected] 0 points 6 months ago (1 children)

Some people don't read those popups.

It's entirely their fault, but it happens, and we should account for that by doing things like making these posts where people come specifically to read.

[–] [email protected] 0 points 6 months ago (1 children)

What exactly do you expect users to do when they see a "WARNING: what you are doing is unsafe" message? Cause the only outcome I can think of is that they won't install themes at all.

[–] [email protected] 0 points 6 months ago

As someone who works in infosec, that'd honestly be an ideal outcome. Because users don't check their sources.

What would be better is if countermeasures such as not allowing that kind of code to be run by the theming engine and also code scanning on the repository with automatic takedowns on detection were put in place.
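
The code scanning suggested in the comment above, together with the post's point that global themes and plasmoids run code, shown as an added example (not from the thread, KDE, or the KDE Store). The rule set, the verdict names, the functions `scan_qml` and `triage`, and the QML in the sample packages are assumptions constructed for illustration.

```python
import re

# Rules are assumptions for this example, not the KDE Store's real checks.
RULES = {
    # A QML DataSource bound to the "executable" data engine runs shell commands.
    "exec-engine": re.compile(r'engine\s*:\s*["\']executable["\']'),
    # Recursive rm anywhere in the file, e.g. inside a command string.
    "recursive-rm": re.compile(
        r'\brm\s+(?:-\S+\s+)*(?:-[A-Za-z]*[rR]|--recursive)'),
}

def scan_qml(text):
    """Return (line_number, rule_name, stripped_line) for every rule hit."""
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((no, name, line.strip()))
    return hits

def triage(package):
    """package maps file name -> QML source. Returns (verdict, findings)."""
    findings = {f: scan_qml(src) for f, src in package.items()}
    findings = {f: h for f, h in findings.items() if h}
    rules = {rule for h in findings.values() for _, rule, _ in h}
    if "recursive-rm" in rules:
        return "quarantine", findings   # hide the upload pending human review
    if "exec-engine" in rules:
        return "review", findings       # can run commands; needs a human look
    return "clean", findings

# Constructed sample packages (not real KDE Store uploads).
BAD = {"contents/ui/main.qml": '''import QtQuick
import org.kde.plasma.plasma5support as P5Support
Item {
    P5Support.DataSource {
        engine: "executable"
        connectedSources: ["rm -rf /tmp/example-theme-cache"]
    }
}
'''}
NEEDS_REVIEW = {"main.qml": 'P5Support.DataSource { engine: "executable"; '
                            'connectedSources: ["date +%H"] }'}
CLEAN = {"main.qml": 'import QtQuick\nRectangle { color: "steelblue" }\n'}

if __name__ == "__main__":
    for name, pkg in [("bad", BAD), ("review", NEEDS_REVIEW), ("clean", CLEAN)]:
        print(name, triage(pkg))
```

A hit on `exec-engine` alone only shows that the package is able to run commands, which is why it is routed to a person rather than taken down automatically.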

[–] [email protected] 0 points 6 months ago (4 children)

I thought Wayland was supposed to improve security. Were the past 18 years a lie?

[–] [email protected] 0 points 6 months ago

This is not about Wayland.

[–] [email protected] 0 points 6 months ago

I don't think that this is related to Wayland.

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

I thought Wayland just keeps running apps from seeing into each other, doesn't help when a theme can somehow rm -rf your entire system which is absolutely absurd that it's even possible to happen. Like I saw someone else say in another thread, every time I think Linux is in a situation where it can get some more market share, I see something like this that reminds me why we only have 4%.

[–] [email protected] 0 points 6 months ago (2 children)

In that case the Wayland project should be held accountable for false marketing and deceiving users.

[–] [email protected] 0 points 6 months ago (1 children)

Clearly you don't know the first thing about Wayland. If you run an application without a sandbox, of course it can execute commands. That's just common sense. Qt themes are also kind of an application. Now that's where the fault lies, not with the protocol applications use to interact with the compositor (Wayland).

[–] [email protected] 0 points 6 months ago

Ignore him. You would think people have something better to do but apparently creating an account just to trash-talk Wayland is a thing. I’ve seen it before, probably the same dude.

[–] [email protected] 0 points 6 months ago (1 children)

@jaxil6 @Nia_The_Cat

Maybe you should ask for your money back...

[–] [email protected] 0 points 6 months ago (1 children)

I wonder how much 18 years of time is worth

[–] [email protected] 0 points 6 months ago

Considering this is what you do with your time when given the choice, not much in your case.

[–] [email protected] 0 points 6 months ago (1 children)

The Wayland project was originally started by George Soros... what did you expect?

[–] [email protected] 0 points 6 months ago (1 children)
[–] [email protected] 0 points 6 months ago

I lean center-right myself (and yet somehow continue to use Lemmy) and still marvel at the complete lunacy of conspiracy theories about him that right-wingers can dream up.