Re: GTK+-1.2.9 Released



> There may be a clear argument, but I have to say that it is unacceptable to me
> for the GTK team to resort to such nannyisms. While it would not be impossible
> for the Slash'EM development team to comply with this (and it would also have
> some fringe benefits) it would take a huge amount of work - we would have to
> change the graphical interfaces to the game into seperate processes and
> implement a protocol for communicating with the game core via pipes. It is
> quite ridiculus for the GTK team to impose their priorities on us in this way.
> 
> Please provide a mechanism for applications to defeat this check or I will
> have to resort to subverting the getresuid() & getresgid() functions to lie to
> GTK. Should you block this we will simply have to drop support for GTK from
> Slash'EM (and tell our users why) until we can justify the time required to
> meet with your requirements.
> 


It is my understanding that this is a bugfix release, not a release that
will break existing apps. This change does not fix any bugs, but does
break certain apps in a major way. Whether or not they are written
properly is not the issue here, when and where to introduce something
like this is. With the upcoming 2.0 release wouldn't that be the proper
place to introduce this?

I don't think the gtk+ team should be the security police. I think a
warning is as far as any gui toolkit should go with this issue, but if
you feel you must then make this a warning in 1.2.x and then break
things for 2.0 when developers will be re-doing things anyways.

    Stephen





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]