<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Aug 8, 2015 at 9:49 PM, Kevin Kofler <span dir="ltr"><<a href="mailto:kevin.kofler@chello.at" target="_blank">kevin.kofler@chello.at</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">Reindl Harald wrote:<br>
> Am 08.08.2015 um 02:14 schrieb Kevin Kofler:<br>
>> Kevin Kofler wrote:<br>
>><br>
>>> Mustafa Muhammad wrote:<br>
>>>> Some of my points were:<br>
>>>><br>
>>>> 1) Almost dead upstream for Konq, vs thriving upstream for Firefox,<br>
>>>> Konq may have undiscovered security vulnerabilities, but the limited<br>
>>>> number of users is hiding them.<br>
>>><br>
>>> The limited number of users also means nobody will be targeting<br>
>>> Konqueror with attacks. IMHO, this is actually an advantage.<br>
>><br>
>> PS: A Firefox 0-day exploited in the wild:<br>
>> <a href="https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/" rel="noreferrer" target="_blank">https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/</a><br>
>> Do we really want to expose our users to such risks?<br>
><br>
> sorry, but *that* is nonsense<br>
><br>
> while i am firefox user and don't like it as default on live-media just<br>
> because there was a security bug is nonsense as argument, given that we<br>
> would need to kill nearly any package out of Fedora because all software<br>
> in the past few years had more or less critical security bugs<br>
<br>
</div></div>The point is, as I wrote, Konqueror is very unlikely to get targeted by an<br>
attack. Firefox, on the other hand, is an attractive target and does get<br>
exploited in the wild (as the example has shown).<br>
<br>
All software has security holes. But only software with a high market share<br>
is an interesting attack target.<br>
<div class="HOEnZb"><div class="h5"><br>
Kevin Kofler<br>
<br>
_______________________________________________<br>
kde mailing list<br>
<a href="mailto:kde@lists.fedoraproject.org">kde@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/kde" rel="noreferrer" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/kde</a><br>
New to KDE4? - get help from <a href="http://userbase.kde.org" rel="noreferrer" target="_blank">http://userbase.kde.org</a></div></div></blockquote></div><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">As was pointed out earlier in the thread, you're arguing for security through obscurity:</div><div class="gmail_extra"><br></div><div class="gmail_extra">a. While you're probably not wrong that there are significantly fewer or nearly zero targeted attacks against Konqueror, that isn't the end of the story because: </div><div class="gmail_extra"><br></div><div class="gmail_extra">b. The obvious counterpoint is that the limited number of users and developers means that very few people will be using, testing, and discovering security vulnerabilities, either by running Konqueror or reviewing the code. This makes software less secure, not more secure.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Someone earlier claimed that unless we had proof of CVEs in Konqueror, we shouldn't discuss this point. But the absence of recent CVEs being discovered in Konqueror doesn't mean that there aren't any, it means that no one is spending enough time and effort searching for them to actually find them. That's not a good thing. (In the same sense that no software is expected to be bug-free).</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Aside from the security issue--</div><div class="gmail_extra"><br></div><div class="gmail_extra">As a bystander / Fedora KDE user, I definitely agree that it would be nice if Fedora KDE/Plasma shipped a browser with nice Plasma/Qt integration, but I also have never deliberately used Konqueror and have always replaced it with Firefox and Chromium (obviously not currently an option here) immediately. Especially since I came sideways into KDE from Gnome, where the default browser was Firefox anyway. I suspect many Fedora KDE users, especially newer users, are similar? It's a brief annoyance early on when configuring the system.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I seriously doubt that many people new to KDE and/or Fedora stick with Konqueror these days, but I could be wrong.</div><div class="gmail_extra"><br></div><div class="gmail_extra">So I really don't think it gains Fedora anything to ship Konqueror, specifically, as the default browser in the KDE image. I concede that there might be some gain to shipping a Qt browser of some sort, however.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Ben Rosser</div></div>