Re: Default browser in Fedora KDE Plasma


On Sat, Aug 8, 2015 at 9:49 PM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote:
Reindl Harald wrote:
> Am 08.08.2015 um 02:14 schrieb Kevin Kofler:
>> Kevin Kofler wrote:
>>
>>> Mustafa Muhammad wrote:
>>>> Some of my points were:
>>>>
>>>> 1) Almost dead upstream for Konq, vs thriving upstream for Firefox,
>>>> Konq may have undiscovered security vulnerabilities, but the limited
>>>> number of users is hiding them.
>>>
>>> The limited number of users also means nobody will be targeting
>>> Konqueror with attacks. IMHO, this is actually an advantage.
>>
>> PS: A Firefox 0-day exploited in the wild:
>> https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
>> Do we really want to expose our users to such risks?
>
> Sorry, but *that* is nonsense
>
> while I am a Firefox user and don't like it as default on live-media, just
> because there was a security bug is nonsense as an argument, given that we
> would need to kill nearly any package out of Fedora because all software
> in the past few years had more or less critical security bugs

The point is, as I wrote, Konqueror is very unlikely to get targeted by an
attack. Firefox, on the other hand, is an attractive target and does get
exploited in the wild (as the example has shown).

All software has security holes. But only software with a high market share
is an interesting attack target.

        Kevin Kofler

_______________________________________________
kde mailing list
kde@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kde
New to KDE4? - get help from http://userbase.kde.org


As was pointed out earlier in the thread, you're arguing for security through obscurity:

a. While you're probably not wrong that there are significantly fewer or nearly zero targeted attacks against Konqueror, that isn't the end of the story because: 

b. The obvious counterpoint is that the limited number of users and developers means that very few people will be using, testing, and discovering security vulnerabilities, either by running Konqueror or reviewing the code. This makes software less secure, not more secure.

Someone earlier claimed that unless we had proof of CVEs in Konqueror, we shouldn't discuss this point. But the absence of recent CVEs being discovered in Konqueror doesn't mean that there aren't any, it means that no one is spending enough time and effort searching for them to actually find them. That's not a good thing. (In the same sense that no software is expected to be bug-free).


Aside from the security issue--

As a bystander / Fedora KDE user, I definitely agree that it would be nice if Fedora KDE/Plasma shipped a browser with nice Plasma/Qt integration, but I also have never deliberately used Konqueror and have always replaced it with Firefox and Chromium (obviously not currently an option here) immediately. Especially since I came sideways into KDE from Gnome, where the default browser was Firefox anyway. I suspect many Fedora KDE users, especially newer users, are similar? It's a brief annoyance early on when configuring the system.

I seriously doubt that many people new to KDE and/or Fedora stick with Konqueror these days, but I could be wrong.

So I really don't think it gains Fedora anything to ship Konqueror, specifically, as the default browser in the KDE image. I concede that there might be some gain to shipping a Qt browser of some sort, however.

Ben Rosser