Re: spatial stuff detail

From: George <jirka 5z com>
To: Guido Schimmels <guido schimmels freenet de>
Cc: desktop-devel-list gnome org
Subject: Re: spatial stuff detail
Date: Tue, 23 Sep 2003 11:41:46 -0700

On Tue, Sep 23, 2003 at 05:00:35PM +0200, Guido Schimmels wrote:
> And security holes almost always only affect commandline tools and  
> popular shared libraries. How does a remote exploit for GIMP look like?

Like an obscure library doing a buffer overflow on reading an obscure picture
format.  Or some library not handling /tmp correctly.  ANY app can have a
security problem, not just servers or 'command line' tools.  A lot of times
things are found in shared libs and distros update those shared libs, not all
the apps.  It's much faster to update say openssl then all the apps that
might use them.

> >I'd also wonder how you're supposed to handle things like menu
> >entries,
> 
> You start apps by clicking on them in the file-manager. Resting the  
> mouse-pointer of the appdir reveals the tool-tip. Right-click over the  
> appdir and select "Info" for further details. That's how ROX-Filer does  
> it.
> In other words with appdirs and a decent file-manager  *.desktop files
> are redundant.

You are most definately on crack.  The whole point of the recent .desktop
file hooplah is exactly to make applications easy to find and install in the
right place in the menu without user interaction.  You're putting the whole
categorization back unto the user.  And you have suddenly two ways to start
apps rather then one.  Unless you make every app into an appdir, which will
make it impossible to make better categorization for distros and will be a
management headache.  It works for proprietary systems because they ship with
didly-squat instead of the piles of apps that free software systems ship.

> >gconf keys, mime info, help files, etc...  How do they get registered
> >in
> >the first place, and how do they get cleaned up when the application
> >goes away?
> 
> Each ROX-appdir comes with a startup-script (AppRun). In there you can  
> check for these things and issue the necessary commands on first- 
> launch. Global gconf keys may be usefull to enforce a corporate policy.  
> Outside of this realm what's the point. Of course you can always make  
> the script prompt for the root password. Also works for the mime- 
> database. How I deal with help files I have already answered somewhere  
> else in this thread.
> Cleaning up? For ROX-apps: rm -r ~Choices/<Appname>.
> That is why hiding the settings is __BAD__.

But lots of actual settings will be in many random places (because they have
to, either you have the system look in all kinds of random places or you make
the apps do it).  If you just whack the app without running some sort of
post-uninstall script this won't be cleaned up.

George

-- 
George <jirka 5z com>
   I can live with doubt and uncertainty and not knowing. I think it is much
   more interesting to live not knowing than to have answers that might be
   wrong.
                       -- Richard P. Feynman

Follow-Ups:
- Re: spatial stuff detail
  - From: Guido Schimmels

References:
- Re: spatial stuff detail
  - From: Mike Hearn
- Re: spatial stuff detail
  - From: John Siracusa
- Re: spatial stuff detail
  - From: Hongli Lai
- Re: spatial stuff detail
  - From: John Siracusa
- Re: spatial stuff detail
  - From: Sean Middleditch
- Re: spatial stuff detail
  - From: John Siracusa
- Re: spatial stuff detail
  - From: Sean Middleditch
- Re: spatial stuff detail
  - From: Guido Schimmels
- Re: spatial stuff detail
  - From: Matthew Berg
- Re: spatial stuff detail
  - From: Guido Schimmels

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]