• mmmm@sopuli.xyz · ↑2 · 23 hours ago

    Wondering why they stopped replying. One would imagine they would have a strong and well-defined process for security reports, but it just seems like they said “meh”.

    • OctopusNemeses@lemmy.world · English · ↑4 · 21 hours ago

      KDE has a history of doing that. Plasma widgets are a gaping security hole. You can poke a hole through root. I’m pretty sure you can traverse up the JS object hierarchy from a widget and modify the whole desktop in any way you want. At least at some point this was possible. A widget can and has deadlocked plasmashell from even loading. Their response was basically “works as intended” and closed the issue.