In the spirit of encouraging wider adoption of KDE, I think a double-down on security aspects would serve KDE well. Plasma’s greatest strength is also something that adds complexity here- for instance, kwin scripts are very powerful but can be used in very bad ways. Additionally, things like sandboxing for thumbnail previews (which are low hanging fruit for vulnerabilities) was mentioned here but nothing seems to have came of it (at least publicly): https://www.reddit.com/r/kde/comments/lwnnka/state_of_plasma_sandboxing_and_other_security/?utm_source=chatgpt.com GNOME, love it or hate it, is sandboxing such things and of course lacks anything like kwin scripts. Perhaps just allowing easy control of that feature (on/off) via lockable GUI for users? COSMIC has a leg up on everything being a grounds-up effort.
Are there any focused discussions to hardening Plasma in the near future?
I don’t see how KWin scripts can be used maliciously without first gaining access to a user’s profile, after which KWin scripts would be the least of your problems. Can you describe a particular attack vector that worries you?
Someone once installed a KWin script which, during activation or installation or whatever (I don’t remember the exact scenario), just pruned the entire hard drive of that computer (as far as I remember) by accident (that was actually NOT intentional; it was a bug with some wildcard).
I think Brodie Robertson made a video about it at some point, but I don’t recall the exact video title / YouTube link.
And after that, everyone was concerned about KWin script security etc.
Ah, so you mean downloading a 3rd party premade script? Yeah, those technically can be bad. its code. Some explicit declaring of permissions would help a lot with user auditing, I think.
I was about to open a thread about changing KDEConnect stock firewall rule (at invent.kde.org/network/kdeconnect-kde/-/blob/master/data/kdeconnect.ufw )
I suggest restricting the source to LAN IP ranges. I was imagining seeing two profiles in the list: “KDEConnect (LAN)” and “KDEConnect (Anywhere)”
Honestly? Once you’re in a situation such as running an application (interpreted or otherwise) or something such as someone getting physical access to the computer, all expectations of security goes out the window. I think that the mentality to NEVER trust anything even if you scanned every single line you wrote yourself is the best defense to have. You just never know. A single typo caused NASA 18 million dollars in 1962.