RE: Request for comments on security of authentication/authorisation UIs


Questions that come to mind are: should there be a specific place to discuss sandboxing and its 
implications (seems to me all the interested parties are already GNOME devs, except maybe for Dan Walsh 
and Ikey Doherty)? Is this ML ok to use? Do you welcome contributors external to GNOME? The question is 
maybe a bit stupid, but I've had bad experiences with Ayatana and I wouldn't want people to think that I'm 
a guy coming out of nowhere stepping on their toes and contributing nothing useful.

Contributions are absolutely welcome, and we regularly work with other
projects and organisations. This mailing list is fine for this topic,
or the GNOME OS list [1] would also work. We need to coordinate
between a few different projects here, and there are a number of key
individuals that need to be involved in the conversation (Colin
Walters, Alex Larsson, Lennart Poettering, etc). Contacting them
individually might be a good idea; I think that a few of them are busy
with other things right now, but that will hopefully change in the

I keep learning new names! Unsurprisingly it's very hard to find how to contact
Lennart though I obviously would love to hear whether he made any progress since
GUADEC 13. I'll keep these names down somewhere though, thanks.

As with any detailed design discussion, face-to-face discussions are
important also. There might be conversations about this at a couple of
upcoming hackfests [2, 3]. Let me know if you're interested in joining
us in Berlin, since I'm involved in organising that event. It would
also be great if you could come to GUADEC this year [4].

It might be a bit too late for SF :) I'm able to come to Berlin, do you reckon
there will be any time to discuss programming sandboxed apps? If so then I'd like
to join! I also put down the GUADEC dates on my calendar. Will be there, surely.

Would you like me to put these down on a wiki page so we can extend and find for which use cases problems 
arise? This would also reduce the risk of the existing discussions being lost, should other people jump in 
the train and contribute ideas.

You might want to check with the other people involved in this - there
might be some documentation out there already. Eventually it would
definitely be good to have a page for this on the wiki, but we should
ensure that it gets attention from the different parties involved. If
you want to make a start, you could maybe get a draft going in your
personal name space (e.g

I did spot a rudimentary sandbox page in the meantime. I'll probably rewrite one
soon and let you guys know. Thanks for all your useful links Allan!

Steve Dodier-Lazaro
PhD student in Information Security
University College London
Dept. of Computer Science
Malet Place Engineering, 6.07
Gower Street, London WC1E 6BT
OpenPGP : 1B6B1670

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]