artswrapper defanged
Kurt Granroth
granroth at kde.org
Fri Jul 19 17:22:37 BST 2002
On Friday 19 July 2002 12:22 am, Stefan Westerfeld wrote:
[snip pretty well written description of the problem]
> But well, if consensus is that security is more important in sane
> defaults than usability or user friendliness, then I think that making
> this step a lot more explicit would be the only way to go. It will lead
> to bug reports "can't get my sound right" and to frustrated users who
> don't write bug reports, and never find the problem, but if security
> against local denial of service attacks is the topmost goal, then thats
> the way to go.
With all the thousands of words written on this subject, it all comes down
to this last paragraph. Do we, as KDE, want to put priority on "security"
over "usability".. and I hope that the answer is a resounding YES!
I realize that security and ease-of-use are often polar opposites. To go to
an extreme, you can have a system like Lindows that is doubtlessly the
easiest Linux system to use but will likely allow the user to shoot
themself and everybody else in the foot much too easily. On the flip side,
we have the "secure" distros (mostly for firewalls and the like) that lock
everything down.. but are a pain to use.
KDE, as a desktop, needs to be more aware of the balance between the two
than most. So far, I think we've done a pretty good job of it.
The one thing that we've always kept in mind, though, is that we should
*never* have a security hole enabled by default. Too many users won't ever
read security advisories and fewer yet will actually fix it.
The "Right Way(tm)" to handle things like this, then, is to disable the
problematic behavior by default and give the user the choice to explicitely
enable it. In this case, hopefully the only people that would enable the
feature would be those that understood it's implications and needed it's
functionality.
--
Kurt Granroth - "KDE -- Conquer Your Desktop"
KDE Developer/Evangelist | granroth at kde.org
http://www.granroth.org | kurt at granroth.org
More information about the kde-core-devel
mailing list