[sugar] Initial Security Patches

[Michael Stone]

Sounds mostly good to me.

Michael

On Wed, Aug 01, 2007 at 02:04:00PM +0200, Marco Pesenti Gritti wrote:
> OK. So how do we get there? My feeling is that we should do it in three steps:
> 
> 1
> 
> * Remove the factory service from Sugar and move to
> one-instance-per-process. (Btw service_name in the activity.info
> wouldn't make a lot of sense anymore, we should probably rename to
> bundle_id or bundle_name).
> * Implement a single instance mechanism in Browse and Etoys.

Agreed.

> 
> 2
> 
> * Plug in the security service, enabled conditionally if the Bitfrost
> service exist.

Agreed, but since this is conditional, I think we should do this as soon
as I manage to produce acceptable patches.


> 3
> 
> * Do some testing and when stuff works well enough enable the Bitfrost
> service by default on the images.
> 
> Since one-instance-per-process is a Trial-3 goal, I don't see a lot of
> value in trying out Bitfrost + multiple instance factory before. We
> would risk to end up debugging something quite different from the
> final thing.

Fair enough, but the changes in Rainbow required to drop support for the
current factory system are minimal; we basically just drop the lines
that send the `create' message on the session bus, instead passing the
instance dict on the command line. (Hence we need to agree on an
argument passing convention.)