Does KDE Plasma pose a threat?
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 5 of 5
  1. #1
    Join Date
    Dec 2015
    Location
    India
    Posts
    131
    Linux (Fedora) Firefox 61.0

    Does KDE Plasma pose a threat?

    I'm not that familiar with desktop environments. Does KDE Plasma pose a threat?

    Like the creators of KDE have the ability to bundle their software with features which can be used to monitor a person's activity who are using Plasma, provide access to that person's computer? Would they be able to conceal this aspect and do it clandestinely?

    Thanks

  2. #2
    Join Date
    Feb 2005
    Location
    London, UK
    Posts
    739
    Windows 7 Chrome 70.0.3538.110

    Re: Does KDE Plasma pose a threat?

    Quote Originally Posted by noviceFedora
    I'm not that familiar with desktop environments. Does KDE Plasma pose a threat?

    Like the creators of KDE have the ability to bundle their software with features which can be used to monitor a person's activity who are using Plasma, provide access to that person's computer? Would they be able to conceal this aspect and do it clandestinely?

    Thanks
    Not unless they stop posting their source code on github: https://github.com/KDE/plasma-desktop

  3. #3
    Join Date
    Dec 2015
    Location
    India
    Posts
    131
    Linux (Fedora) Firefox 61.0

    Re: Does KDE Plasma pose a threat?

    Quote Originally Posted by HaydnH
    Not unless they stop posting their source code on github: https://github.com/KDE/plasma-desktop
    Thanks for your helpful reply.

    But how can I avoid the possibility of they publishing a different source code on GitHub and sending a different version of their software which may have malicious code. There is no telling that compiled version of the KDE software I receive is based on the source code published on GitHub. Is there a way to avoid such a thing?

  4. #4
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,541
    Linux (Fedora) Firefox 63.0

    Re: Does KDE Plasma pose a threat?

    The OpenSource software that you get from KDE is the same source code that is distributed around the world. Do you trust Linux?. If you cannot trust KDE, which has started some 20 years ago, then you also cannot trust Gnome or Linux.

    All source code has a digital signature that is created from the KDE release agent. That signature is created by the KDE agent responsible for distribution and that signature cannot be duplicated by someone else. The same taking of a signature is done for all software such as Linux, Gnome, Microsoft and whoever.

    When RedHat downloads the KDE software, each item is verified by the item's digital signature. Immediately, RedHat creates it's own digital signature of the same downloaded items.

    Prior to any KDE or Gnome or Linux software being released, about 1000 users around the world inspect the source code for changes. They use a diff program compare the proposed updated version against their previous version. Diff highlights the source code changes and one can see immediately if the source code has something improper added to it. As the ISPs and other users must protect the servers that will host KDE or Gnome, they do due diligence.

    The executables and libraries are created using the released source code. The executables and libraries created from the signed sources are also signed. Security is akin to Quality Assurance.
    Many ISPs such as RedHat, Microsoft, Ubuntu, SUSE, Debian, use KDE in their servers. Users occasionally recompile the source code to insure that the corresponding libraries bear the ISP's signature after making some changes (logos, etc.) What you get is a "uncorrupted" product.

    Did you note that when you installed a repository, one of the first things that you were asked, is to confirm and install a GPT key. That security key is used to check everything that you download from that repository.

    I hope I have put your concerns to rest.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  5. #5
    Join Date
    Dec 2013
    Location
    United Kingdom
    Posts
    6,602
    Linux Firefox 63.0

    Re: Does KDE Plasma pose a threat?

    Quote Originally Posted by noviceFedora
    Is there a way to avoid such a thing?
    Categorically not and quite frankly the same applies to any package (or set of packages) on any operating system be it opensource or proprietary.

Similar Threads

  1. [SOLVED]
    Possible threat?
    By robertdaleweir in forum Security and Privacy
    Replies: 0
    Last Post: 14th January 2016, 07:33 PM
  2. so... linux is not a threat...
    By solo2101 in forum Wibble
    Replies: 2
    Last Post: 17th August 2011, 11:01 AM
  3. Mac Malware Becoming a Serious Threat
    By pete_1967 in forum Wibble
    Replies: 17
    Last Post: 24th May 2011, 02:48 PM
  4. Threat?
    By Paquito in forum Using Fedora
    Replies: 9
    Last Post: 10th July 2008, 08:09 PM
  5. The threat from Apple
    By hlfmanhlfamzng in forum Linux Chat
    Replies: 41
    Last Post: 13th June 2005, 03:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •