[IAEP] [Sugar-devel] [SLOBS] Long-term support for Sugar
Martin Dengler
martin at martindengler.com
Mon Sep 21 19:21:38 EDT 2009
On Mon, Sep 21, 2009 at 07:01:13PM -0400, Bernie Innocenti wrote:
> El Mon, 21-09-2009 a las 23:47 +0100, Martin Dengler escribió:
> > The whole point of Rainbow is that what I think you're talking about
> > isn't an issue, and it's encouraged that kids share Activities.
> > Eliminating this sharing ability is one of the problems with the
> > current rpm / PackageKit proposals AIUI.
>
> Currently, Rainbow is a much weaker protection than, say, the Javascript
> sandbox of a browser. And, realistically, it will never get close to be
> that good.
Well I'll leave that to the real experts.
> Besides, the way you *install* a program does not affect the way you
> *run* it.
>
> I could install the same malicious program by unpacking a zip file
> or an rpm (which is a cpio archive with a header).
I believe the statement I was replying to can be summarised by "let's
think about the usage of rpm so as not to open ourselves up to
malware", and so Rainbow is in scope. Admittedly, I was reading into
that vague statment. If you are just concerned with the message to
which the message I replied to was replying, which was about %post
scripts, sure.
> What could be achieved with the .xo bundles that couldn't be achieved
> with an rpm?
Given both involve Turing-complete languages, nothing. Given that one
works now and one involves lots of work, everything. Rhetorically,
point taken. Practically, nothing's changed.
Actually, I take that back. You're now talking about tieing Sugar
activities to rpm, which is a whole set of code / practices, instead
of the current XO format, right? So what was a downstream choice (how
to package activities) now becomes fixed? Or are you proposing
Fructose is distributed in a distro-specific way, and just
non-Fructose Activities as rpms?
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.sugarlabs.org/archive/iaep/attachments/20090922/7568fa0d/attachment.pgp
More information about the IAEP
mailing list