[Sugar-devel] Activity packaging

[Michael Stone]

Bernie wrote:
On Tue, 2010-07-06 at 12:02 -0400, Benjamin M. Schwartz wrote:
>> I think you are missing an important requirement: installation without
>> elevated permissions.
>
> XO and SoaS distributions are configured for sudo with no password.

Yes. However, Uruguay does not maintain this configuration choice.

> Rainbow has been bit-rotting for the past 2 years 

Ahem. Sugar's integration with rainbow has bit-rotted, been rebuilt, and still
received no independent testing despite repeated calls for same.

Rainbow, on the other hand, has seen a major new release, feature development
that spurred new work in general Linux sandboxing, and is now available in more
distributions than ever before thanks to dedicated support by folks like Luke,
Sascha, and Jonas. 

Finally, if rainbow itself now receives little day-to-day attention, this is
because it mostly does what its authors require and it does it well enough not
to require their continued hand-holding. 

> and nobody volunteered to work on it. 

If you check the dates carefully, you'll find that most of my recent work on
rainbow and rainbow/sugar integration has occurred while I was on vacation from
my real job. So please do count that as "volunteer hours".

> The bottom line is that *nowadays*, any activity can escalate root
> privileges.

Sure. And if, by some miracle, Sugar ever becomes *worth* attacking [1], then
we will all rue the day when we had the opportunity to make it safe and chose
not to.

> A non-privileged account can already effectively do anything that a spammer
> would like to do.

And when will you be shipping my prctl(PR_DISABLENETWORK) kernel patch?

(Or have you a better approach?)

> Even in a Rainbow-enabled environment, privileged vs unprivileged
> installation isn't by itself the source of security issues. Packages
> could easily be checked to ensure that all bundled files are within a
> specific path, like we currently do with the zip files. Post-install
> scriptlets can be disabled.

I am still much more satisfied with the approach taken by 0install. [2]

Regards,

Michael

[1]: Except by accident, like with GNOME and Sugar today.

[2]: Thanks again, Aleksey, for pushing this work forward and for all the
improvements you've already contributed back to 0install to make this work
better for us!