Re: Collaboration on standard Wayland protocol extensions
- From: "Jasper St. Pierre" <jstpierre mecheye net>
- To: Martin Peres <martin peres free fr>
- Cc: kwin kde org, "desktop-devel-list gnome org" <desktop-devel-list gnome org>, "wayland-devel lists freedesktop org" <wayland-devel lists freedesktop org>
- Subject: Re: Collaboration on standard Wayland protocol extensions
- Date: Tue, 29 Mar 2016 23:33:03 -0700
I really hope that distributions don't see security policies as a
differentiator. This is how we got SELinux vs. AppArmor and real-world
apps having to ship both kinds of policies (or Fedora flat out
ignoring any idea of third-parties and such and including literally
every application ever in its contrib policy file
https://github.com/fedora-selinux/selinux-policy/tree/f23-contrib).
On Tue, Mar 29, 2016 at 11:28 PM, Martin Peres <martin peres free fr> wrote:
On 30/03/16 01:12, Olav Vitters wrote:
On Mon, Mar 28, 2016 at 10:50:23PM +0300, Martin Peres wrote:
We thus wanted to let distros take care of most of the policies (which
does not amount to much and will likely come with the application
anyway). However, some distros or devices come with a system
that already defines security policies and they will likely not want
a proliferation of storage places. Hence why we allowed for
multiple backends. But this is an exception rather than the rule.
Why should every distribution decide on some policy? The default way
should work sanely and the way that a user would experience it makes
sense. I help out with Mageia (+GNOME), I'm 98% sure Mageia has 0
interest in creating/developing such a policy.
In WSM, you can set default behaviours for interfaces. This should cover
your use case.
However, remember this: If it is not the user or the distribution, then you
are basically trusting the developer of the application... which basically
means we are back to the security of X11.
e.g. Linus complaining about (IIRC) needing to provide a root password
after plugging in a printer. If we create such a situation again I might
even understand why he's rants :-P
This would be utterly ridiculous, and this is what we addressed here:
http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/
--
Jasper
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]