artswrapper defanged
Harri Porten
porten at trolltech.com
Tue Jul 16 15:22:15 BST 2002
On Tue, 16 Jul 2002, Neil Stevens wrote:
> On Tuesday July 16, 2002 02:39, Rik Hemsley wrote:
> > Security should be enabled by default, not disabled.
>
> But you didn't just change defaults, you destructively removed
> features without giving an option to turn them back on! With the job only
> half-done, leaving features removed in this state, your changes are just
> going to get reverted unless you finish the job.
If nobody else finished the job then so be it.
> > How many people need artsd to provide them with 'realtime' sound ?
> > It looks like it's only Brahms users.
>
> I do. And who are you to question what features are needed in Stefan's
> code anyway? Is this about security, or about you imposing your will on
> aRts?
It's about security.
> > And no sane sysadmin will install KDE for her users, because KDE doesn't
> > care about security. It installs useless (to users on such a system)
> > programs suid, requiring her to go and fix the holes.
>
> What do you know about security? You're attempting to apply a blanket
> security model to all KDE users!
So you disagree with a secure setting better being "on" by default ?
Please realize that a lot of other people have code in KDE. A single
problem in a single app can lead to package (or all of KDE) not being
shipped.
> Stop treating security like some magical marketing word that makes everyone
> jump, and think in terms of actual users of KDE. You've already gotten
> support for making the suid install configurable. *That* serves the users
> needs. Why isn't that enough?
As a maintainer of another setuid root app I can assure you that security
is not a magical marketing word. Mario Weilguni have gone through great
pain to make kppp as secure as we can only to ensure safety of our user's
system.
Harri.
More information about the kde-core-devel
mailing list