LinuxQuestions.org
Old 05-25-2020, 09:44 AM   #46
baumei
Member
 
Registered: Feb 2019
Location: USA; North Carolina
Distribution: Slackware 15.0 (replacing 14.2)
Posts: 365

Original Poster

Hi "bassmadrigal",

Yes, I agree:
Quote:
Originally Posted by bassmadrigal View Post
The reality is people shouldn't be using konqueror from KDE4 if they want a secure browsing experience (no clue if the one from Plasma5 is any better).
If Konqueror was a monolithic program, then not using it would be easy --> one could ignore it, or remove it with no concern of breaking anything.

However, Konqueror is not monolithic --- it is "/usr/bin/konqueror", and at least three libraries: "khtml", "webkit", and "kjs". These libraries are available for use by all other software which runs on the computer, and it appears that at least some of these libraries are obsolete. Since I am aware of the Spectre attack which is implemented using JavaScript, I have been concentrating my investigation on "kjs".

Quote:
Originally Posted by bassmadrigal View Post
I highly doubt the webengine for KDE4 or Plasma5 sees as much development as Blink (from Chromium) and Gecko (from Firefox).
Did you know Blink is a fork of the WebCore part of Webkit; and WebKit has two parts WebCore and JavaScriptCore, which are forks of "khtml" and "kjs"? It is not clear what the developers of all this software are doing, however it appears that some of the new code for Blink is being backported into WebKit, and that some of the new code for WebKit was being backported into "khtml" up until it was discontinued (I read "khtml" was discontinued on 2019/Dec/14).

I think it is very important that the libraries of KDE do not have vulnerabilities. It appears that a few years ago the developers of KDE4 essentially put KDE4 out to pasture (from what I read, KDE4 gets very little attention (which is reasonable for something that has been put out to pasture)).

I am somewhat aware of KDE5/Plasma, and have read that there is some large difficulty with getting KDE5 and Slackware to work together. Somewhere over the last few months I came across a good article or weblog entry about this difficulty, and now I can not find this in order to re-read it. :-(

Last edited by baumei; 05-25-2020 at 09:49 AM.
 
Old 05-25-2020, 11:06 AM   #47
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,126

Quote:
Originally Posted by baumei View Post
......I am somewhat aware of KDE5/Plasma, and have read that there is some large difficulty with getting KDE5 and Slackware to work together. Somewhere over the last few months I came across a good article or weblog entry about this difficulty, and now I can not find this in order to re-read it. :-(
AlienBob provides step-by-step instructions on how to remove kde4 and then install kde5, for Slackware-current. Once installed kde5 works.
It comes down to a matter of personal preference.
Some users like kde5, some do not.

The README file at the following link is updated from time to time, so check back every now and then.
http://alien.slackbook.org/ktown/current/latest/

Last edited by cwizardone; 05-25-2020 at 11:11 AM.
 
1 members found this post helpful.
Old 05-25-2020, 02:07 PM   #48
baumei
Member
 
Registered: Feb 2019
Location: USA; North Carolina
Distribution: Slackware 15.0 (replacing 14.2)
Posts: 365

Original Poster
Hi "cwizardone",

Thank you for the URL alien.slackbook.org/ktown/current/latest/. I compared this to alien.slackbook.org/ktown/14.2/latest/.

I realize that many people have said to cease with 14.2, and to use -current instead. If the candidate computer was only a single computer for me, then I would consider doing so, despite it being well understood that using development grade software for production-use computers is not a good idea --- because it would be only my stuff which would be trashed if something went wrong. However, I maintain quite a few Slackware 14.2 computers for other people, and I think it would be inappropriate for me to put -current on their production computers.

From my reading about KDE4, I think at least some parts of it are so obsolete that these are no longer reasonable to use on production-grade computers. Based on the earlier posts in this thread, and based on my other reading, it appears to me that KDE4 was put out to pasture several years ago, and these days gets little to no inspection for vulnerabilities, and any fixing of KDE4 by the developers is on the back-burner (which is reasonable for software in the pasture).

So, it appears to me:
(a) AlienBOB says KDE-5_17.11 for Slackware 14.2 is not fit to use, because 5_17.11 has not been maintained in several years;
(b) at least some important parts of KDE4 are obsolete; and
(c) Slackware-current is not reasonably suitable for production use.

According to my recollection, for Slackware 14.2, the article I [have] not yet been able to find again said that AlienBOB stopped on the version of KDE5 which he did (5_17.11), because later versions of KDE5 were <impossible(?), very difficult(?), (I do not remember)> to install on Slackware 14.2.

[Edit: added missing word.]

Last edited by baumei; 05-27-2020 at 07:19 AM.
 
Old 05-25-2020, 02:25 PM   #49
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Quote:
Originally Posted by baumei View Post
So, it appears to me:
(a) AlienBOB says KDE-5_17.11 for Slackware 14.2 is not fit to use, because 5_17.11 has not been maintained in several years;
(b) at least some important parts of KDE4 are obsolete; and
(c) Slackware-current is not reasonably suitable for production use.

According to my recollection, for Slackware 14.2, the article I have not yet been able to find again said that AlienBOB stopped on the version of KDE5 which he did (5_17.11), because later versions of KDE5 were <impossible(?), very difficult(?), (I do not remember)> to install on Slackware 14.2.
https://alien.slackbook.org/blog/dec...5-focus-shift/
 
1 members found this post helpful.
Old 05-25-2020, 02:58 PM   #50
baumei
Member
 
Registered: Feb 2019
Location: USA; North Carolina
Distribution: Slackware 15.0 (replacing 14.2)
Posts: 365

Original Poster
Hi AlienBOB,

Thank you for the URL to your article. I recognize this article, and it is the one which I have been wanting to read again. :-)

Thank you for all the work you have put into KDE5 over the years, and for your enhancement of Slackware.

Last edited by baumei; 05-26-2020 at 10:44 AM.
 
Old 05-26-2020, 02:17 PM   #51
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 8,792

Quote:
Originally Posted by baumei View Post
However, Konqueror is not monolithic --- it is "/usr/bin/konqueror", and at least three libraries: "khtml", "webkit", and "kjs". These libraries are available for use by all other software which runs on the computer, and it appears that at least some of these libraries are obsolete. Since I am aware of the Spectre attack which is implemented using JavaScript, I have been concentrating my investigation on "kjs".
I don't know of any browsers that rely on the KDE libraries that aren't a part of KDE itself.

Quote:
Originally Posted by baumei View Post
Did you know Blink is a fork of the WebCore part of Webkit; and WebKit has two parts WebCore and JavaScriptCore, which are forks of "khtml" and "kjs"? It is not clear what the developers of all this software are doing, however it appears that some of the new code for Blink is being backported into WebKit, and that some of the new code for WebKit was being backported into "khtml" up until it was discontinued (I read "khtml" was discontinued on 2019/Dec/14).
Yes, there have been a lot of forks over the years, but blink is probably quite a bit different now than when it was originally forked. KHTML was forked to webkit by Apple, which was then forked to blink by Google.

There's really only 3 major engines that led to what we have today (which is really based off of 2 engines). Gecko is the longtime engine of Mozilla, Trident is the engine for Internet Explorer (which has been discontinued as they've switched to Edge, which is now using Blink), and KHTML, which as I mentioned, led to webkit (still in use by Apple for iOS browsers and Safari on other platforms), then to blink.

Quote:
Originally Posted by baumei View Post
I think it is very important that the libraries of KDE do not have vulnerabilities. It appears that a few years ago the developers of KDE4 essentially put KDE4 out to pasture (from what I read, KDE4 gets very little attention (which is reasonable for something that has been put out to pasture)).
The browsing libraries that are vulnerable appear to only be used when the browsers included with KDE are used. If you aren't using Konqueror and are using Chrome/Firefox/Vivaldi/etc, those are not using the vulnerable libraries in KDE and are only tied to the vulnerabilities that might be in the browsers themselves.

Quote:
Originally Posted by baumei View Post
I am somewhat aware of KDE5/Plasma, and have read that there is some large difficulty with getting KDE5 and Slackware to work together. Somewhere over the last few months I came across a good article or weblog entry about this difficulty, and now I can not find this in order to re-read it. :-(
Pat hasn't announced why Plasma5 hasn't made it into -current yet. It's been speculated that he was waiting on certain other things to be present in -current before adding Plasma5 (and xfce-4.14) and many speculate that it was waiting for PAM to be added (once we found out that Pat was working on it). It is obvious that Plasma5 works without PAM as Alien has been providing packages for quite some time without PAM. Hopefully PAM was the hindrance and he's now working in the background to get Plasma5 to the level he wants to get it added to Slackware.
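
A check for the question debated in this thread, namely which installed programs actually link against the "khtml", "kjs" or "webkit" libraries (an added example, not part of any poster's message). The soname pattern, the function names and the sample `readelf -d` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report which ELF files declare a direct dependency (DT_NEEDED) on the KDE
# web libraries named in the thread. readelf only parses the file; unlike
# ldd it never invokes the dynamic loader on the program being inspected.

# Assumption: the library sonames contain "khtml", "kjs" or "webkit".
KDE_WEB_PATTERN='khtml|kjs|webkit'

# Read `readelf -d` output on stdin, print each matching NEEDED soname.
needed_kde_web_libs() {
    sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p' | grep -E "$KDE_WEB_PATTERN" || true
}

# Scan one directory (default /usr/bin); print "file: lib lib ..." per hit.
scan_dir() {
    dir=${1:-/usr/bin}
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        libs=$(readelf -d "$f" 2>/dev/null | needed_kde_web_libs | tr '\n' ' ')
        if [ -n "$libs" ]; then
            printf '%s: %s\n' "$f" "$libs"
        fi
    done
    return 0
}

# Constructed sample of `readelf -d` output, for trying the filter offline.
sample_dynamic_section() {
    cat <<'EOF'
Dynamic section at offset 0x2d98 contains 30 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libkhtml.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libkjs.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libexample.so.1]
EOF
}

# Usage: sh thisfile scan /usr/bin
if [ "${1:-}" = "scan" ]; then scan_dir "${2:-/usr/bin}"; fi
```

Only direct dependencies are listed; a program that reaches these libraries through a plugin or an intermediate library needs the same scan run over the library directories as well.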
 
Old 05-26-2020, 08:10 PM   #52
ehartman
Senior Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 1,674

Quote:
Originally Posted by bassmadrigal View Post
There's really only 3 major engines that led to what we have today (which is really based off of 2 engines). Gecko is the longtime engine of Mozilla, Trident is the engine for Internet Explorer (which has been discontinued as they've switched to Edge, which is now using Blink), and KHTML, which as I mentioned, led to webkit (still in use by Apple for iOS browsers and Safari on other platforms), then to blink.
I wonder what engine chrome and chromium are using (and derivatives, of course).
 
Old 05-26-2020, 08:55 PM   #53
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 8,792

Quote:
Originally Posted by ehartman View Post
I wonder what engine chrome and chromium are using (and derivatives, of course).
Chromium (and all projects based off of it like Chrome, Vivaldi, Microsoft Edge, Opera, and several more) all use the Blink web engine.
 
1 members found this post helpful.
  

