artswrapper defanged

[Kurt Granroth]

On Friday 19 July 2002 12:22 am, Stefan Westerfeld wrote:
[snip pretty well written description of the problem]
> But well, if consensus is that security is more important in sane
> defaults than usability or user friendliness, then I think that making
> this step a lot more explicit would be the only way to go. It will lead
> to bug reports "can't get my sound right" and to frustrated users who
> don't write bug reports, and never find the problem, but if security
> against local denial of service attacks is the topmost goal, then thats
> the way to go.

With all the thousands of words written on this subject, it all comes down 
to this last paragraph.  Do we, as KDE, want to put priority on "security" 
over "usability".. and I hope that the answer is a resounding YES!

I realize that security and ease-of-use are often polar opposites.  To go to 
an extreme, you can have a system like Lindows that is doubtlessly the 
easiest Linux system to use but will likely allow the user to shoot 
themself and everybody else in the foot much too easily.  On the flip side, 
we have the "secure" distros (mostly for firewalls and the like) that lock 
everything down.. but are a pain to use.

KDE, as a desktop, needs to be more aware of the balance between the two 
than most.  So far, I think we've done a pretty good job of it.

The one thing that we've always kept in mind, though, is that we should 
*never* have a security hole enabled by default.  Too many users won't ever 
read security advisories and fewer yet will actually fix it.

The "Right Way(tm)" to handle things like this, then, is to disable the 
problematic behavior by default and give the user the choice to explicitely 
enable it.  In this case, hopefully the only people that would enable the 
feature would be those that understood it's implications and needed it's 
functionality.
-- 
Kurt Granroth - "KDE -- Conquer Your Desktop"
KDE Developer/Evangelist | granroth at kde.org
http://www.granroth.org  | kurt at granroth.org