https://blog.davidedmundson.co.uk/blog/kde-store-content/
This has started a lot of discourse around the concept of the store, secuirty and upstream KDE…
In the short term we need to communicate clearly what security expectations Plasma users should have for extensions they download into their desktops. Applets, scripts and services, being programs, are easily recognised as potential risks. It’s harder to recognise that Plasma themes, wallpaper plugins and kwin scripts are not just passive artwork and data, but may potentially also include scripts that can have unintended or malicious consequences…
Longer term we need to progress on two avenues. We need to make sure we separate the “safe” content, where it is just metadata and content, from the “unsafe” content with scriptable content.
Then we can look at providing curation and auditing as part of the store process in combination with slowly improving sandbox support.