[Sugar-devel] [IAEP] A security vs. functionality question

[Gary C Martin]

Hi Benjamin,

On 6 Aug 2009, at 19:28, Benjamin M. Schwartz wrote:

> To engineers:
> Is sharing an activity a sufficient indication of intent from the  
> user to
> execute a potentially dangerous action, such as sharing Terminal on a
> public collaboration server?  To activate a remote VNC client in  
> Gnome,
> users must fill out this settings panel:
> http://www.bani.com.br/wp-content/uploads/2007/11/vino-p-g.png .   
> Unlike
> an Activity, though, once those settings are made, the desktop is
> permanently shared.  An Activity can easily be stopped by a single  
> click
> at any time.

This seems _highly_ risky to me, and have a fairly low usability value  
as is.

How are two (or more!) remote individuals expected to co-operate and  
share the same command line and not mess up? I can see value in a  
split screen where everyone can see the terminal text, with the split  
screen acting as a chat session, but only the owner able to type in  
the command line area. That way one or more buddies can watch and  
assist the owner performing some task.

FWIW: Terminal is special cased, even in Rainbow, anyone can sudo; rm - 
rf / and wipe the lot.

Regards,
--Gary