Re: Privacy

From: Josh Sled <jsled asynchronous org>
To: Charles Goodwin <charlie xwt org>
Cc: Linas Vepstas <linas linas org>, gnucash-devel gnucash org, Gnome Office <gnome-office-list gnome org>
Subject: Re: Privacy
Date: Tue, 16 Mar 2004 20:56:57 -0500

On Tue, 2004-03-16 at 17:11, Charles Goodwin wrote:

> On Tue, 2004-03-16 at 15:28, Linas Vepstas wrote:
> > Yes, this was discussed to death on the gnucash mailing lists. 
> > -- encryption is not enough if your kid can still delete your data files.
> >    The point is really access control, not encryption per se.
> > -- one should stick to OS-provided security mechanisms for many good reasons
> 
> As you imply, this is the job of the OS and not of the application.

That was the argument on gnucash-user.
http://thread.gmane.org/gmane.comp.gnome.apps.gnucash.user/10141 is
probably the best entry-point into the thread, there.

> And besides, if somebody was that concerned about privacy they simply
> would log out when they're finished and keep that user account private
> and give the (presumably) family members their own user accounts.

That -- very reasonably -- doesn't work for a large class of users.  I
hate logging out ... it stops my music, causes me to miss IRC scrollback
buffers, kills my IM client... all sorts of badness.

> Creating yet another user really won't make the accounts more secure. 
> Just more obscurely located.  I thought only MS practiced security
> through obscurity? ;)

Sure it will; as per your previous statement: using the OS ACL
mechanisms is a very valid access-control mechanism, and is the one that
should be respected.

I think the idea is more a "gnome-standard" way to allow the paradigm of
"use a different user for that purpose".

In any case, it looks like there already is:
http://sourceforge.net/projects/xsu/ though I hate it when a project's
homepage goes away, or doesn't exist in the first place. :(

[BTW, there's nothing wrong with security through obscurity ... it just 
 can't be the _only_ security you have.  Otherwise, pile on the 
 obscurity to slow 'em down. ;) ]

...jsled

-- 
http://www.asynchronous.org/ - `a=jsled; b=asynchronous.org; echo ${a} ${b}`
# A: Because it breaks the flow of normal conversation.
# Q: Why don't we put the response before the request?

Follow-Ups:
- Re: Privacy
  - From: Linas Vepstas

References:
- Re: Privacy
  - From: Linas Vepstas
- Re: Privacy
  - From: Charles Goodwin
- Re: Privacy
  - From: Linas Vepstas
- Re: Privacy
  - From: Charles Goodwin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]