Default browser in Fedora KDE Plasma
Ben Rosser
rosser.bjr at gmail.com
Sun Aug 9 02:23:43 UTC 2015
On Sat, Aug 8, 2015 at 9:49 PM, Kevin Kofler <kevin.kofler at chello.at> wrote:
> Reindl Harald wrote:
> > Am 08.08.2015 um 02:14 schrieb Kevin Kofler:
> >> Kevin Kofler wrote:
> >>
> >>> Mustafa Muhammad wrote:
> >>>> Some of my points were:
> >>>>
> >>>> 1) Almost dead upstream for Konq, vs thriving upstream for Firefox,
> >>>> Konq may have undiscovered security vulnerabilities, but the limited
> >>>> number of users is hiding them.
> >>>
> >>> The limited number of users also means nobody will be targeting
> >>> Konqueror with attacks. IMHO, this is actually an advantage.
> >>
> >> PS: A Firefox 0-day exploited in the wild:
> >>
> https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
> >> Do we really want to expose our users to such risks?
> >
> > sorry, but *that* is nonsense
> >
> > while i am firefox user and don't like it as default on live-media just
> > because there was a security bug is nonsense as argument, given that we
> > would need to kill nearly any package out of Fedora because all software
> > in the past few years had more or less critical security bugs
>
> The point is, as I wrote, Konqueror is very unlikely to get targeted by an
> attack. Firefox, on the other hand, is an attractive target and does get
> exploited in the wild (as the example has shown).
>
> All software has security holes. But only software with a high market share
> is an interesting attack target.
>
> Kevin Kofler
>
> _______________________________________________
> kde mailing list
> kde at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/kde
> New to KDE4? - get help from http://userbase.kde.org
>
As was pointed out earlier in the thread, you're arguing for security
through obscurity:
a. While you're probably not wrong that there are significantly fewer or
nearly zero targeted attacks against Konqueror, that isn't the end of the
story because:
b. The obvious counterpoint is that the limited number of users and
developers means that very few people will be using, testing, and
discovering security vulnerabilities, either by running Konqueror or
reviewing the code. This makes software less secure, not more secure.
Someone earlier claimed that unless we had proof of CVEs in Konqueror, we
shouldn't discuss this point. But the absence of recent CVEs being
discovered in Konqueror doesn't mean that there aren't any, it means that
no one is spending enough time and effort searching for them to actually
find them. That's not a good thing. (In the same sense that no software is
expected to be bug-free).
Aside from the security issue--
As a bystander / Fedora KDE user, I definitely agree that it would be nice
if Fedora KDE/Plasma shipped a browser with nice Plasma/Qt integration, but
I also have never deliberately used Konqueror and have always replaced it
with Firefox and Chromium (obviously not currently an option here)
immediately. Especially since I came sideways into KDE from Gnome, where
the default browser was Firefox anyway. I suspect many Fedora KDE users,
especially newer users, are similar? It's a brief annoyance early on when
configuring the system.
I seriously doubt that many people new to KDE and/or Fedora stick with
Konqueror these days, but I could be wrong.
So I really don't think it gains Fedora anything to ship Konqueror,
specifically, as the default browser in the KDE image. I concede that there
might be some gain to shipping a Qt browser of some sort, however.
Ben Rosser
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/kde/attachments/20150808/be45c2e3/attachment.html>
More information about the kde
mailing list