Yifei Zhan wrote (2022-04-15 13:28 CEST):
> Recently I was surprised by the fact that fcitx by default will save
> clipboard contents to disk, without confirmation/notification. I would
> like to patch out this feature in my fcitx5 port and make it opt-in
> instead of opt-out by default. (fcitx's upstream is unwilling to
> change this)
I think it is generally a good idea to change defaults to more secure
ones and make it a user choice to enable these features again when needed.
> In future I would also like to restrict fcitx's internet/fs access
> using unveil and pledge, but that will break things like cloud inputs
> (sending input strings to google/baidu in realtime)...
>
> so the question is, what's the consensus on patching software to
> remove subjectively harmful features?
I can't speak for everyone, but I'd welcome such a change. Especially
when upstream has shown to be easy with sharing sensible data like
keyboard input with cloud providers.
Best Regards,
Stefan
No comments:
Post a Comment