Re: [Setup-tool-hackers] [HST] Plans for coming week - please read



>> - Buttons that don't complete an action immediately, but starts an interface
>>   procedure, like a dialog, should have "..." tacked to the end of their
>>   names.

> I am not sure this is actually useful nowadays.  Although a nice idea
> in principle, nobody ever depends on this on their day to day life.
> It is not a user interface feature that provides any real advantage.

We need an interface design paper that states rigid guidelines for these
things. The "..." thing was brought up by Arturo and (I think) Joakim, and it
sounded reasonable to me - but I agree, I'm not sure everyone cares.


>> - Enable the tools to su themselves, while we wait for a release of
>>   root-manager and/or console-helper. 

> console-helper is part of Red Hat systems and some others.  The idea
> is that instead of installing your program in /usr/bin/prog, you
> install it in /usr/sbin/prog, and you make a link from /usr/bin/prog
> to "consolehelper", that trick will get you the root password
> prompting.

Okay, I'll take care of that before 0.2.1.


>> If that fails, we can just chop
>>   our own heads off and make the tools +s, using a crypt() check.

> Do not do this.  Exploiting set-uid applications is extremely simple,
> and Gtk+ has not been prepared or audited to deal with this situation
> at all.  It is a can of worms that requires extensive training.

You're right, let's not go there.


--
Hans Petter

_______________________________________________
Setup-tool-hackers maillist  -  Setup-tool-hackers@helixcode.com
http://lists.helixcode.com/mailman/listinfo/setup-tool-hackers



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]