=Description=
User expectation of security has changed over recent years. Android and iPhones are in a much better state than the Linux desktop, and we are catching up. A key part of that is the ability to restrict the impact of any unfavourable behaviour through sandboxes. With Flatpak and Snaps we are seeing this become available for applications, but we are not up to the standard we should be with our infrastructure.
This is a task that is completely unappreciated and boring; in the majority of cases the user is completely unaffected by the improvements we make... until something bad happens. This goal is about taking pre-emptive steps to avoid problems later.
=What it will take=
**Concrete Technical Actions**
- Box our icon extraction
- Box Dolphin and Baloo's file metadata extraction
- Box network KIO runners away from anything irrelevant
**Open-ended stretch goals**
- Moving towards a "portals first" approach in our frameworks and ensuring good adoption inside our applications.
- Creating steps to move several Plasma addons to being available through Flatpak mechanisms, which requires infrastructure changes throughout the stack
- Moving away from scriptable content in user-retrievable add-ons where possible
=How we know we succeeded=
We should be in a situation where we could get a security audit on the specific areas addressed. This is where I would spend the goal budget.
=Relevant links=
=Champions=
David Edmundson
=I am willing to put work into this=
* add your name
=I am interested=
* add your name