Comment 63 for bug 1065126

In , Samspam (samspam) wrote :

From reading the comments of this and related bugs, it seems to me that the only real security concern here is drive-by attacks where the user has not clicked the link. If this is what is causing developers to resist remembering the user's choice of app and automatically opening without additional interaction then I see the point. This would not be safe, and although my initial thoughts were all centred around "remember my choice when I damn well tell you to", I don't think I should be able to do this as it stands, even in about:config. PDFs provide a good example of a format that often has serious security holes, and the risk of being hit with automatically opened PDFs without clicking deters me from wanting this change. Do I understand the position correctly?

HOWEVER, I am also incredibly irritated by this lack of functionality on an hourly basis and have been for years. There has, despite legitimate concerns, been some stonewalling and stubbornness. I think this bug should focus on technical solutions to what is a clear usability issue. The usability issue exists, regardless of other concerns. Let's fix it. How can we allow users to remember their choice of app for links that they DO click on? There are elements of things like pop-up blocking that seem to have knowledge of whether or not a user made a click. Is this information available in the download code path? Could it reliably be made available? How reliable? The massive majority of cases involve clicking a link, and requiring unnecessary extra clicks when it should be seamless. This needs addressing. I have only *ever* once been targeted by a download I didn't click on. Enabling these attacks is not a good thing, but working around them is essential.

At the very least, for immediate clarity if a real solution requires significant work: the dialogue should be re-worded or, better, the functionality changed. I believe there is another bug for this already? The remember check-box should be unchecked and disabled if the radio button for open is selected. Even better, the check-box and text should be replaced to signify why the choice cannot be remembered. None of these things would constitute this bug being fixed.

I find it hard to see how ex