From kde-core-devel Fri Jul 19 16:22:37 2002
From: Kurt Granroth
Date: Fri, 19 Jul 2002 16:22:37 +0000
To: kde-core-devel
Subject: Re: artswrapper defanged
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=102709585217108

On Friday 19 July 2002 12:22 am, Stefan Westerfeld wrote:
[snip pretty well written description of the problem]

> But well, if consensus is that security is more important in sane
> defaults than usability or user friendliness, then I think that making
> this step a lot more explicit would be the only way to go. It will lead
> to bug reports "can't get my sound right" and to frustrated users who
> don't write bug reports, and never find the problem, but if security
> against local denial of service attacks is the topmost goal, then that's
> the way to go.

With all the thousands of words written on this subject, it all comes down to this last paragraph. Do we, as KDE, want to put priority on "security" over "usability".. and I hope that the answer is a resounding YES!

I realize that security and ease-of-use are often polar opposites. To go to an extreme, you can have a system like Lindows that is doubtlessly the easiest Linux system to use but will likely allow the user to shoot themselves and everybody else in the foot much too easily. On the flip side, we have the "secure" distros (mostly for firewalls and the like) that lock everything down.. but are a pain to use.

KDE, as a desktop, needs to be more aware of the balance between the two than most. So far, I think we've done a pretty good job of it.

The one thing that we've always kept in mind, though, is that we should *never* have a security hole enabled by default. Too many users won't ever read security advisories and fewer yet will actually fix it.

The "Right Way(tm)" to handle things like this, then, is to disable the problematic behavior by default and give the user the choice to explicitly enable it. In this case, hopefully the only people that would enable the feature would be those that understood its implications and needed its functionality.

-- 
Kurt Granroth - "KDE -- Conquer Your Desktop"
KDE Developer/Evangelist | granroth@kde.org
http://www.granroth.org | kurt@granroth.org