[RFC] Security and Features in KPDF

Michael Nottebrock michaelnottebrock at gmx.net
Mon Jan 3 02:39:13 GMT 2005

On Monday, 3. January 2005 02:58, Brad Hards wrote:
> On Mon, 3 Jan 2005 11:08 am, Ingo Klöcker wrote:
> > Unfortunately, Stephan's suggestion is also not a very good solution
> > because you can be sure that several distributions will make "kpdf
> > --script %u" the default for PDF "because it's so convenient".
> As the other side of this, how about only allowing a whitelist of "safe"
> options. 

Ah, the Outlook approach. :-)

FWIW, I don't think there's a solution really. Tobias thinks it looks bad if 
kpdf can't launch an executable or a script, others think it looks bad if it 
can. Both are right - the question is which crowd do you we all want to 
please, the one that likes smooth automagic presentations or the one that 
will pass off KDE as a reimplementation of Microsoft's biggest security 
bloopers over it. I'm convinved both those crowds exist and have their share 
of vocal evangelists.

Since there can be no agreement, I guess the best course of action would be 
"do nothing" (stick to principles, set a precendence, cut short discussion).

The second best one is probably the well-hidden non-default option (you can at 
least divert the blame to the respective distro if they choose to turn it on 
by default and a spectacular exploit appears).

   ,_,   | Michael Nottebrock               | lofi at freebsd.org
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/93c86828/attachment.sig>

More information about the kde-core-devel mailing list