artswrapper defanged

[Harri Porten]

On Tue, 16 Jul 2002, Neil Stevens wrote:

> On Tuesday July 16, 2002 02:39, Rik Hemsley wrote:
> > Security should be enabled by default, not disabled.
> 
> But you didn't just change defaults, you destructively removed 
> features without giving an option to turn them back on!  With the job only 
> half-done, leaving features removed in this state, your changes are just 
> going to get reverted unless you finish the job.

If nobody else finished the job then so be it.

> > How many people need artsd to provide them with 'realtime' sound ?
> > It looks like it's only Brahms users.
> 
> I do.  And who are you to question what features are needed in Stefan's 
> code anyway?  Is this about security, or about you imposing your will on 
> aRts?

It's about security.

> > And no sane sysadmin will install KDE for her users, because KDE doesn't
> > care about security. It installs useless (to users on such a system)
> > programs suid, requiring her to go and fix the holes.
> 
> What do you know about security?  You're attempting to apply a blanket 
> security model to all KDE users!

So you disagree with a secure setting better being "on" by default ?
Please realize that a lot of other people have code in KDE. A single
problem in a single app can lead to package (or all of KDE) not being
shipped.

> Stop treating security like some magical marketing word that makes everyone 
> jump, and think in terms of actual users of KDE.  You've already gotten 
> support for making the suid install configurable.  *That* serves the users 
> needs.  Why isn't that enough?

As a maintainer of another setuid root app I can assure you that security
is not a magical marketing word. Mario Weilguni have gone through great
pain to make kppp as secure as we can only to ensure safety of our user's
system.

Harri.