General question on D-Bus design considerations

[Lennart Poettering]

On Mon, 23.08.10 22:06, Thiago Macieira (thiago at kde.org) wrote:

> On Monday 23. August 2010 19.22.12 Lennart Poettering wrote:
> > Uh? That's not really true. There is proper nego implemented for the
> > unix fd stuff. Not sure what you are missing?
> 
> I meant in the message format. You know how difficult this is: the dbus-daemon 
> must broker the capabilities. If a message is coming from a service containing 
> an extension, the daemon must check if the receiver can receive it before 
> sending.
> 
> When the message is a signal, there may be a big number of receivers to be 
> tested. Some may receive the message, others won't.
> 
> It would be better if the message format allowed unknown types, which the 
> library would just ignore or skip.

Yeah. Agreed. I guess this is related to the other thing I pointed out:
that the policy design in general requires message verification in a
secure middle party. That's true both for permission verification and
for message validity verification. Would have been cool if both of that
could have happened on the client side.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.