On Sunday 09 August 2015 03:49:29 Kevin Kofler wrote: > Reindl Harald wrote: > > Am 08.08.2015 um 02:14 schrieb Kevin Kofler: > >> Kevin Kofler wrote: > >>> Mustafa Muhammad wrote: > >>>> Some of my points were: > >>>> > >>>> 1) Almost dead upstream for Konq, vs thriving upstream for Firefox, > >>>> Konq may have undiscovered security vulnerabilities, but the limited > >>>> number of users is hiding them. > >>> > >>> The limited number of users also means nobody will be targeting > >>> Konqueror with attacks. IMHO, this is actually an advantage. > >> > >> PS: A Firefox 0-day exploited in the wild: > >> https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the > >> -wild/ Do we really want to expose our users to such risks? > > > > sorry, but *that* is nonsense > > > > while i am firefox user and don't like it as default on live-media just > > because there was a security bug is nonsense as argument, given that we > > would need to kill nearly any package out of Fedora because all software > > in the past few years had more or less critical security bugs > > The point is, as I wrote, Konqueror is very unlikely to get targeted by an > attack. Firefox, on the other hand, is an attractive target and does get > exploited in the wild (as the example has shown). > > All software has security holes. But only software with a high market share > is an interesting attack target. > > Kevin Kofler Huh?? That one I have to respond to. While in part true... the other aspect of vulnerability is how quickly a response is made to closing the holes. One of the hallmarks of Linux based systems is that security is #1. If a hole is discovered, it is repaired and released. It is in fact something that I am constantly amazed by. It isn't just the browser that is attacked, but protocols. and the main vector when it comes to browser security is the human factor. You cannot blame a browser, one way or the other if people keep doing dumb things (and we are all guilty of doing dumb things) on the internet. Scripting languages, php, java, jscript, etc are other vectors as well. The problem with Konqueror, is that no serious development is ongoing for it and it has been worked on in any serious fashion in a very long time. Other people have attempted to start new browsers projects but probably because of the organizational force of Mozilla and Google, the interest to push development has not been there. I do not fall on either side of the debate. I understand that the live spin is there to show off KDE / Plasma and its applications. Unfortuneately, Konqueror is not a shining example of what a KDE app should be. It was when it first came out. I loved it, but after the development team deferred development to Apple things went south quickly. An awful lot of people think of computers as communication devices rather than extremely sophisticated adding machines (which is what a computer is). If you are going to try to sell new users into using KDE on Fedora, you are more than likely gonna turn most of them off. Firefox needs to be included. It should not be exclusive. By the way... If there is room on the CD iso so should libreoffice. I believe that it would be counter productive to maintain an OCD stance when trying to promote KDE with applications that you know will turn newbies away. Hell, with the current state of affairs, they are turning vetrans away also. Thats my 2 cents worth. For your consideration Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ kde mailing list kde@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kde New to KDE4? - get help from http://userbase.kde.org
