A user has had a bad experience installing a global theme on Plasma and lost personal data.

Global themes do not only change the look of Plasma, but also the behavior. To do this they run code, and this code can be faulty, as in the case mentioned above. The same goes for widgets and plasmoids.

We are calling on the community to help us locate and quarantine defective software by using the “Report” buttons available on each item in the KDE Store.

Please see this linked image to locate them.

Meanwhile, KDE is taking measures to properly warn users before each download and we are also putting in place ways of auditing and curating what is uploaded to the KDE store.

Nevertheless, this will take time and resources. We recommend all users to be careful when installing and running software not provided directly by KDE or your distros.

And remember to report any faulty products you find!

  • Brickardo
    link
    fedilink
    158 months ago

    I must ask, isn’t that explicitly mentioned on the top side of the “get new…” menu?

    • Semperverus
      link
      English
      108 months ago

      Some people don’t read those popups.

      Its entirely their fault, but it happens, and we should account for that by doing things like making these posts where people come specifically to read.

      • @[email protected]
        link
        fedilink
        28 months ago

        What exactly do you expect users to do when they see “WARNING: what you are doing is unsafe” message? Cause the only outcome I can think of is that they won’t install themes at all.

        • Visikde
          link
          fedilink
          18 months ago

          @deadcream @semperverus
          I’ve used KDE for more than 10 years. I always take one of the basic themes, [varies by distro] & customize that to my liking. I’ve never bothered to click “get global themes”. I’m willing to spend some time to have a custom theme

        • Semperverus
          link
          English
          18 months ago

          As someone who works in infosec, that’d honestly be an ideal outcome. Because users don’t check their sources.

          What would be better is if countermeasures such as not allowing that kind of code to be run by the theming engine and also code scanning on the repository with automatic takedowns on detection were put in place.