Collaboration on standard Wayland protocol extensions
Jasper St. Pierre
jstpierre at mecheye.net
Wed Mar 30 06:33:03 UTC 2016
I really hope that distributions don't see security policies as a
differentiator. This is how we got SELinux vs. AppArmor and real-world
apps having to ship both kinds of policies (or Fedora flat out
ignoring any idea of third-parties and such and including literally
every application ever in its contrib policy file
https://github.com/fedora-selinux/selinux-policy/tree/f23-contrib).
On Tue, Mar 29, 2016 at 11:28 PM, Martin Peres <martin.peres at free.fr> wrote:
> On 30/03/16 01:12, Olav Vitters wrote:
>>
>> On Mon, Mar 28, 2016 at 10:50:23PM +0300, Martin Peres wrote:
>>>
>>> We thus wanted to let distros take care of most of the policies (which
>>> does not amount to much and will likely come with the application
>>> anyway). However, some distros or devices come with a system
>>> that already defines security policies and they will likely not want
>>> a proliferation of storage places. Hence why we allowed for
>>> multiple backends. But this is an exception rather than the rule.
>>
>> Why should every distribution decide on some policy? The default way
>> should work sanely and the way that a user would experience it makes
>> sense. I help out with Mageia (+GNOME), I'm 98% sure Mageia has 0
>> interest in creating/developing such a policy.
>
> In WSM, you can set default behaviours for interfaces. This should cover
> your use case.
>
> However, remember this: If it is not the user or the distribution, then you
> are basically trusting the developer of the application... which basically
> means we are back to the security of X11.
>
>> e.g. Linus complaining about (IIRC) needing to provide a root password
>> after plugging in a printer. If we create such a situation again I might
>> even understand why he's rants :-P
>
> This would be utterly ridiculous, and this is what we addressed here:
> http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/
--
Jasper
More information about the wayland-devel
mailing list