Re: Lockdown stuff

[Ian Peters <itp ximian com>]

On Wed, 2003-10-08 at 11:33, Havoc Pennington wrote:
> Hi,
> 
> Couple small comments - 
> 
> 1. With the new GTK+ 2.4 menu system, admins can get precise menu 
>    control that way, automatically for all menus. This is how it 
>    works in KDE. Either we can say they have to edit the menu layout
>    files, or we can have a little "override" file for each layout
>    that lets you exclude items. This way the lockdown is tied to 
>    the layout files and doesn't get out of sync.

What's the best place to read up on this?

> 2. I agree with Alex 100% that we have to _understand_ (and ideally 
>    even document!) the purpose of each lockdown key. The fastest 
>    way to buggy unmaintainable bloat is the "shotgun" approach 
>    to design, "we don't know what people want so we'll just do   
>    everything."

The KDE clock preferences dialog of lockdown...

> 3. It seems to me that a great start would be to document what 
>    Windows, KDE, etc. offer.

As I mentioned in another message, I can look into playing with some
Windows stuff if need be, and I'll send out some feelers elsewhere
inside Novell to see if they have any resident experts.

> 4. Let's get some simple basics in CVS ASAP. Did George ever 
>    commit anything? We can't afford to block lockdown mode too 
>    long, it needs to be in 2.6 and that means it does need
>    a pragmatic KISS approach to getting it done.
> 
> 5. Where lockdown is supposed to offer real security, OS mechanisms
>    like permissions are preferred; where we're just putting the 
>    user in a padded room, gconf is probably fine.

I think we'll find that the padded room is what people are looking for a
surprising amount of the time.

> 6. I love that people are working on this!

Seconded with a vengeance.

Ian