[Kde-pim] KDE-PIM Security R&D
Tobias Koenig
tokoe at kde.org
Tue Jan 22 07:45:06 GMT 2008
On Tue, Jan 22, 2008 at 12:34:59AM -0600, Derek Ditch wrote:
> Greetings KDE-PIM developers,
Hej Derek,
> I suggested KDE4 as a possible project. Obviously KDE4 is a large
> set of code, so we narrowed it down to KDE-PIM. Specifically I think
> we may look at Akonadi. I'm the advocate, so I'm gathering
> information.
>
> My question is if you feel Akonadi is a good candidate for this class.
> Some of the specifications are the impact of security (how
> widespread/how critical), scope of the project (lines of code, release
> cycle) and potential for vulnerabilities (or the amount of impact we
> could have on the project).
Hmm, as Akonadi is running as a user process only where nobody else
except the user has access to (protected by the operating system), I'm
not sure whether it is the right candidate.
Maybe the resources/agents, which access groupware servers could be
checked for security.
> Also, of course, a very important factor is willingness of the
> community to use our fixes.
Fixes are always welcome :)
> I've worked with several small KDE projects in the past, and the last
> item has never been a problem. I've found KDE teams to be very open
> to outside help. Last semester my team did a bit of work on ViewVC
> and the project members didn't seem to be too interested in our work.
:(
> So do you think Akonadi is a good pick, or could you suggest something
> that be more applicable given the guidelines above?
At least you could take a look at Akonadi and tell us whether it has
some problems that could be used by attackers somehow.
Could you give an overview of the types of security issues you are
looking for?
Ciao,
Tobias
--
Separate politics from religion and economy!
The Council of the European Union is an undemocratic and illegal institution!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20080122/a1346fd6/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list