[IAEP] [Sugar-devel] [SLOBS] Long-term support for Sugar

Martin Dengler martin at martindengler.com
Mon Sep 21 19:05:32 EDT 2009


On Mon, Sep 21, 2009 at 11:54:09PM +0100, Peter Robinson wrote:
> On Mon, Sep 21, 2009 at 11:47 PM, Martin Dengler
> <martin at martindengler.com> wrote:
> > On Mon, Sep 21, 2009 at 05:15:31PM -0500, Yamandu Ploskonka wrote:
> >> Chris Ball wrote:
> >> > Hi,
> >> >
> >> >    > TBH I'm not 100% sure on that as I'm not a PackageKit developer
> >> >    > but I believe that is addressed by ConsoleKit and as its in use
> >> >    > on Fedora and I'm pretty sure Ubuntu and others (and I'm pretty
> >> >    > sure its an external dependency of gnome too) I'm sure that issue
> >> >    > has been addressed.
> >> >
> >> > My understanding is that the developers consider it addressed by
> >> > "%post runs as root, and if you don't like it then don't install RPMs
> >> > [from untrusted sources]".  So, we need to find out what's up there.
> >> >
> >> > - Chris.
> >>
> >> Very good point you make.  It gets complicated as the users - kids -
> >> have not been shown they get it regarding giving their full name, age
> >> and address and some even phone number, so it is unlikely they will deal
> >> safely with the nuances of "untrusted sources".
> >> It would be sort of a shame that the first massive attack of malware on
> >> Linux platforms happened under our watch...
> >
> > The whole point of Rainbow is that what I think you're talking about
> > isn't an issue, and it's encouraged that kids share Activities.
> > Eliminating this sharing ability is one of the problems with the
> > current rpm / PackageKit proposals AIUI.
> 
> How is the sharing implemented currently?  [...]  except for the
> hack to the mime type in the browse activity.

Sorry, I wasn't explaining very well.  I meant both "running
lightly-trusted Activities is much safer / encouraged due to Rainbow's
protections" and "because [of that], it's feasible to ask kids to
share Activities [that are not rpm packages]".

I'm not saying we couldn't move from here (xo bundles,
Rainbow-as-currently-implemented) to there (rpm, PackageKit), but that
it seems like a step backwards and nobody seems to be doing the work
(whereas Rainbow gets worked on from time to time).

> Peter

Martin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.sugarlabs.org/archive/iaep/attachments/20090922/8c06a383/attachment.pgp 


More information about the IAEP mailing list