Re: Collaboration on standard Wayland protocol extensions



On Sun, Mar 27, 2016 at 7:33 PM, Drew DeVault <sir cmpwn com> wrote:
On 2016-03-27  4:41 PM, Jasper St. Pierre wrote:

What are your specific concerns with it? I would tend to agree. I think
that it's not bad as an implementation of this mechanic, but I agree
that it's approaching the problem wrong. I think it would be wiser to
start with how clients ask the compositor for permissions and how they
receive them, then leave the details libwsm implements up to the
compositors.

I think a protocol extension would work just fine to implement a
permission requesting/granting dialogue between clients and compositors.

That's what we should be doing, and that's why I'm not a huge fan of
WSM -- it provides a solution for the stuff that doesn't matter, and
doesn't make any progress on the part we need to tackle. I won't enjoy
using libwsm because it adds complexity and error cases (e.g. what
happens with no modules, like on a misconfigured system?), without
solving the actual problem.

Also, as I've mentioned in my emails before, APIs aren't exclusively
used through Wayland, they might also be on other systems like DBus,
which already has its own confusing policy system. It gets even worse
when protocols might cross both systems. So libwsm is already far in
the negative points bucket to me -- a Wayland-protocol centric
solution that ignores other IPCs and APIs, is configurable for no
purpose as far as I can tell, and still doesn't have an approachable
story about how it provides more security to the user.

I would rather the effort be spent making secure interfaces, exactly
as you've described.

--
Drew DeVault



-- 
  Jasper


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]