[IAEP] [Sugar-devel] [SLOBS] Long-term support for Sugar

Martin Dengler martin at martindengler.com
Mon Sep 21 19:21:38 EDT 2009

On Mon, Sep 21, 2009 at 07:01:13PM -0400, Bernie Innocenti wrote:
> El Mon, 21-09-2009 a las 23:47 +0100, Martin Dengler escribió:
> > The whole point of Rainbow is that what I think you're talking about
> > isn't an issue, and it's encouraged that kids share Activities.
> > Eliminating this sharing ability is one of the problems with the
> > current rpm / PackageKit proposals AIUI.
> Currently, Rainbow is a much weaker protection than, say, the Javascript
> sandbox of a browser.  And, realistically, it will never get close to be
> that good.

Well I'll leave that to the real experts.

> Besides, the way you *install* a program does not affect the way you
> *run* it.
> I could install the same malicious program by unpacking a zip file
> or an rpm (which is a cpio archive with a header).

I believe the statement I was replying to can be summarised by "let's
think about the usage of rpm so as not to open ourselves up to
malware", and so Rainbow is in scope.  Admittedly, I was reading into
that vague statment. If you are just concerned with the message to
which the message I replied to was replying, which was about %post
scripts, sure.

> What could be achieved with the .xo bundles that couldn't be achieved
> with an rpm?

Given both involve Turing-complete languages, nothing.  Given that one
works now and one involves lots of work, everything.  Rhetorically,
point taken.  Practically, nothing's changed.

Actually, I take that back. You're now talking about tieing Sugar
activities to rpm, which is a whole set of code / practices, instead
of the current XO format, right?  So what was a downstream choice (how
to package activities) now becomes fixed?  Or are you proposing
Fructose is distributed in a distro-specific way, and just
non-Fructose Activities as rpms?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.sugarlabs.org/archive/iaep/attachments/20090922/7568fa0d/attachment.pgp 

More information about the IAEP mailing list