[Sugar-devel] Activity permissions, Object Chooser (was: Re: Advice request: XO sound recording)

James Simmons nicestep at gmail.com
Mon Oct 4 16:16:24 EDT 2010


Sorry about the idiomatic English.  It sounds like what you're saying
the permissions would be and what I would have them be are close
enough, maybe exactly the same.  If I am correct then we could make a
version of the Library Activity that allows a user to specify a list
of Journal objects he is willing to share by selecting them from the
Journal, then share just those objects, as long as he doesn't make the
list and share the objects at the same time.  Does that sound
accurate?  It seems to me that this was what Library version 2 was
supposed to do.

I agree on GNOME 3 making it impossible to write an Activity that
works on new and older versions of Sugar.  For awhile there you could
write an Activity that made the most of whatever version of Sugar was
available and I strove to do that and teach others how to do that.

I'll have to take another look at the Object Chooser.  It won't be for
awhile; the latest version of Linux I run at home is Fedora 11 and I
have other work I want to finish before I upgrade.

James Simmons

> Date: Mon, 04 Oct 2010 19:48:14 +0200
> From: Sascha Silbe <sascha-ml-reply-to-2010-3 at silbe.org>
> Subject: [Sugar-devel] Activity permissions,    Object Chooser (was: Re:
>        Advice request: XO sound recording)
> To: sugar-devel <sugar-devel at lists.sugarlabs.org>
> Message-ID: <1286212879-sup-8905 at twin.sascha.silbe.org>
> Content-Type: text/plain; charset="utf-8"
> Excerpts from James Simmons's message of Mon Oct 04 16:15:32 +0200 2010:
>> If we get to the point where an Activity cannot list
>> out Journal entries (other than using the Object Chooser) at any time
>> then I've got a beef.
> I don't understand the part with the beef, but assume it's meant to
> mean something like an annoyance.
> Activities will always be able to request access to the data store that
> will enable them to list all Journal entries. That request might however
> be denied depending on what other additional permissions they requested.
> So a simple "Journal browser" will always work, but you can't at the same
> time access the network (and maybe other things if we have a reason to
> think the combination is dangerous).
> The purpose is not to annoy anyone, but to protect the user against
> certain threats. The user herself will always be empowered to grant
> additional permissions (this is the "no lockdown" principle [1]). We
> might also consider "blessing" certain activities so they always get
> elevated rights (they would obviously be subjected to stringent
> requirements including extensive peer review). One example of such a
> blessing is the Terminal activity in Sugar 0.82.
>> I have tried the Object Chooser.  In Sugar .82 it had some serious
>> bugs, could not list out only those entries you wanted to look at, and
>> was slow and ugly.
> Please verify whether it works well enough now. The next version of
> Sugar will be based on GNOME 3 (because at least Fedora forces it on
> us), which means it'll probably be practically impossible to write
> activities that work with both the next version of Sugar _and_ Sugar
> 0.82-0.90. So there's no need to avoid something (in activities designed
> for the next version) just because old versions were buggy.
> Please let us know about anything re. the activities API that bugs you.
> Sascha

More information about the Sugar-devel mailing list