
KDE Clarifies Risks on Installing Global Themes in Plasma 6 & What You Need to Do Instead

The KDE Store will start making some changes. Meanwhile, you need to keep an eye on what you install!

Just a few days back, an openSUSE user had a rude awakening after they installed a global theme on their KDE Plasma-equipped system from the KDE Store.

The theme, called “Grey Layout”, managed to erase all their data completely from the user-mounted drives on the system. It did so by executing the dreaded “rm -rf” command, which deleted anything that came in its path.

As you can see below, Reddit user JeansenVaars posted their predicament on the openSUSE Subreddit, where many sympathized with the situation, and some called for the KDE Store to be completely remade from scratch.

a screenshot of the reddit post made by jeansenvaars

Another Reddit user also suggested that they make a post on the KDE Subreddit to gain some traction there, and that it did.

The post got the attention of the KDE Plasma developers, with Nate Graham stating that the theme in question had been removed from the store.

All that commotion begged the following question.

Global Themes on Plasma: A Double-Edged Sword?

a screenshot of the global themes pages in the kde store
Global Themes for Plasma 6 on the KDE Store

If the situation mentioned above is any indication, then yes, installing global themes from the KDE Store on Plasma can get tricky if you end up installing something malicious or inherently broken.

Writing about this issue, David Edmundson from KDE pointed out that this was caused by a mistake in “some shell parsing”, and was not something done deliberately by the theme publisher.

However, the discussion around this got them thinking:

Allowing users to download and install things like themes, applets, and scripts is a good thing to have, and “nothing on the KDE store happens without explicit user interaction”.

As a result, they have now realized that using terms like “global themes” and “Plasma applets” doesn't necessarily signal that a piece of software may be unsafe.

Even though the store has the following disclaimer 👇, I am not convinced that it is enough.

While this theme's code may not have had malicious intent to begin with, some other themes can have malicious intent, and without review, that is indeed a dangerous situation to think of 😲

Source: David Edmundson

KDE's Move!

Fortunately, KDE is not going to sit idly by. David mentions that in the short term, they intend to properly communicate the security implications of extensions users download for their Plasma desktops.

In the long term, they plan to separate the “safe” content from the “unsafe” content, while also integrating curation and auditing into the store with improved sandbox support.

He also adds that:

If you install content from the store, I would advise checking it locally or looking for reviews from trusted sources.

I agree with David: users should always check reviews of anything they get from the KDE Store, or from any other software store for that matter. They could check for reviews on the store itself, or from reliable sources such as Reddit.

You never know what kind of harm-causing software you may be adding to your Linux system if you are not careful.
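One way to do the local check David advises, as an added example that is not code from this article, from KDE, or from the theme in question: it assumes the theme archive has been downloaded and unpacked into a directory without installing it, and lists files that look like scripts plus lines containing risky shell commands. The function name `audit_theme` and the pattern list are assumptions made for this example, and the result is a heuristic pointer to the files worth reading, not a verdict.

```python
import os
import re
import stat
import sys

# Heuristic patterns: assumptions chosen for this example, not a KDE-defined list.
RISKY = {
    "recursive delete": re.compile(r"\brm\s+(-[A-Za-z]*[rR][A-Za-z]*|--recursive)\b"),
    "download piped to shell": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|da|z)?sh\b"),
    "eval of dynamic string": re.compile(r"\beval\s+[\"'$`]"),
}


def audit_theme(root):
    """Return (relative_path, line_no, label, text) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode):
                    continue  # symlinks and special files are not read
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap the per-file read
            except OSError:
                continue
            if mode & 0o111:
                findings.append((rel, 0, "executable bit set", ""))
            if b"\0" in data:
                continue  # binary content (images, fonts): nothing to grep
            lines = data.decode("utf-8", "replace").splitlines()
            if lines and lines[0].startswith("#!"):
                findings.append((rel, 1, "script (shebang)", lines[0]))
            for no, line in enumerate(lines, 1):
                for label, pattern in RISKY.items():
                    if pattern.search(line):
                        findings.append((rel, no, label, line.strip()))
    return findings


if __name__ == "__main__":
    # Usage: python audit_theme.py /path/to/unpacked-theme
    for rel, no, label, text in audit_theme(sys.argv[1]):
        print(f"{rel}:{no}: {label}: {text}")
```

Any file it reports should be read in full before the theme is installed; an empty report only means none of these patterns matched.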

On that note, if you are looking for Plasma themes, you could refer to our list of gorgeous KDE Plasma themes that we recommend. This time, be cautious about everything!


💬 Did this kind of situation ever happen to you? Do let me know in the comments below!

