I honestly did not know that KDE themes contained executable code. When I think “theme”, I think of cosmetic settings that plug into an existing program, which I would hope sanitizes its input and does NOT execute arbitrary code. I don’t think “arbitrary executable code running as root”.
I’m assuming KDE warns you about this when you try to install a theme, right? I’m not at my KDE system to test at the moment. I did try downloading a theme tar from the web site, and it doesn’t seem to contain any code — just SVG files, a colors config file, and a metadata file.
It may help to know a bit of history: KDE3 themes could include a bespoke widget style, and QT3 widget styles were always implemented as executables (you can look at modified versions of the C++ code in the TDE git repository, if you’re really bored). So keeping code out of the themes hasn’t been important to KDE for at least the past 20 years. If I’m not mistaken, far more things are stylable in current versions of KDE. That doesn’t mean that every theme will style all of them, though—you can have codeless styles like the one you found, that make use of the built-ins rather than trying to change All The Things.
I honestly did not know that KDE themes contained executable code. When I think “theme”, I think of cosmetic settings that plug into an existing program, which I would hope sanitizes its input and does NOT execute arbitrary code. I don’t think “arbitrary executable code running as root”.
I’m assuming KDE warns you about this when you try to install a theme, right? I’m not at my KDE system to test at the moment. I did try downloading a theme tar from the web site, and it doesn’t seem to contain any code — just SVG files, a colors config file, and a metadata file.
Breeze, for example, contains a lot of code. For instance
It may help to know a bit of history: KDE3 themes could include a bespoke widget style, and QT3 widget styles were always implemented as executables (you can look at modified versions of the C++ code in the TDE git repository, if you’re really bored). So keeping code out of the themes hasn’t been important to KDE for at least the past 20 years. If I’m not mistaken, far more things are stylable in current versions of KDE. That doesn’t mean that every theme will style all of them, though—you can have codeless styles like the one you found, that make use of the built-ins rather than trying to change All The Things.