I am not a KDE dev, but interested in that topic.
To partiticipate you can sign up in the forum, and maybe stay a bit and help other users ;)
Is that the GNOME-ification of KDE?
False dilemma fallacy
KDE Plasma can break a lot when it is modded. I see that the feature to reset the settings is really cool (but the option to show them is hidden).
But still, your desktop is not managed, unlike your system packages.
I had Plasma break a lot, but I think that was general instability, not because of extensions etc.
So maybe you are right? Maybe not. Interesting to know anyways.
In my experience kde is very stable. A “lot” of “instability” comes from third party features. I didn’t click on the link, btw.
Yes that is kind of my point.
KDE Plasma has a lot of features and that is okay and doesnt need to go away.
The instability comes through dozens of ways to change its defaults, add random code into it, change panels etc.
It still manages to stay stable anyways, but my question is if it is worth it.
And… click on the link. Lol.
No. I think the customizability KDE offers can be maintained and increased while improving stability.
It’s probably worth noting that Plasma’s customization support is useful not only to people looking for a special look & feel, but also as a proving ground for new things (and new approaches to old things) that can eventually make their way into mainline Plasma. Making things harder to customize would mean fewer people experimenting, refining ideas, and solving problems. With that in mind, I think that removing customization in hopes of simplifying test cases would be a mistake.
However, it’s my understanding that some of Plasma’s customization hooks allow third-party theme components to run arbitrary code, without even a warning, sandbox, or reasonable way for the user to inspect it beforehand. (This was in the news a couple months back, IIRC.) That was more or less okay 20-25 years ago, when malware on Free operating systems was almost unheard of, but it’s dangerous and irresponsible in today’s world, where extensions/plugins have become common attack vectors. I wouldn’t mind a little loss of customization to shut down that vulnerability, at least until safer extension APIs can be built.
Yes I agree. There is a switch you can use to block installing Addons.
But that is also not nice. Sandboxing them, having a manual review process, would help. But that is a TON of work.
I also change some things like UI buttons and find it to be a core requirement. At the same time, I could live without extreme theming, or just having widgets on the panel, or just having a bottom panel etc.
This is a difficult decision, so I thought it would be a good idea to just find out what some users want.
Sandboxing them, having a manual review process, would help. But that is a TON of work.
This is why it would make sense to have a restrictive and simple API that supports basic extensions with little oversight. Configuration only; no executable code.
For the small minority of add-ons that would require executable code, there could be a separate API with a more involved installation process, making it obvious to the user that the trust and risk levels are different from the above. A sandbox feature could perhaps be developed in the long run, but that is indeed a ton of work and hard to get right, and isn’t really necessary for this approach to be effective. Just having a software-style installation process (e.g. through a distro’s package manager) and different APIs would go a long way toward protecting users.
