On 7/20/22 15:56, Michael Catanzaro wrote: > On Wed, Jul 20 2022 at 04:29:40 PM +0200, Kevin Kofler via devel > <devel@lists.fedoraproject.org> wrote: >> That is not a reasonable solution. Those applications need embedded >> HTML in >> the UI, not a separate browser window. And it does not help at all if >> the >> browser that is shelled out to itself uses QtWebEngine. > > I presume it uses a sandboxed multiprocess architecture anyway, like > upstream Chromium. Is it not true? > > If so, it's surely one of the most secure packages we have in Fedora. > Of course, that's no good excuse to fall behind on security updates. > But I have high confidence in Chromium's sandbox.
There have been vulnerabilities, both in Chromium and (I believe) in the kernel, which can be used for sandbox escapes. Those vulnerabilities need to be patched very quickly. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
