Re-think the concept of visual theming using QML
One nice thing about QML is that because it doesn't have to be compiled, it can be downloaded at runtime to add or change functionality. In addition to the obvious use in Widgets, we also use this in a variety of places related to visual Plasma theming. For example:
- Lock screen themes
- SDDM themes
- Task Switchers
- Splash screens
- Aurorae Window Decorations
This presents some problems. Since QML is code, we permit downloading new user-created code to hotpatch shell functionality. The implications here are rather unsettling, especially for security-critical system components like the lock and login screens. In addition to the security implications, code can break in non-malicious ways, and this does happen fairly regularly, based on bug reports. So we need to handle broken theme code in all of these places, which itself can break and is a source of poorly-tested code since we rarely break our own QML and test the fallback themes. It's also not necessarily clear to the user what happened when the theming code broke and the system fell back to some built-in thing.
Downloadable QML makes sense for things like Widgets that provide functionality, but for theming and other purely visual styling, I think we might want to consider moving away from QML-based styling and use something that contains no code, just graphics and markup and such.