[Sugar-devel] OLPC's XO-1.5 software plan.

Michael Stone michael at laptop.org
Sat May 16 17:59:11 EDT 2009


> What is the status of rainbow within this? 

Do you mean "rainbow", "Sugar activity isolation", or something broader still?

If you actually mean "rainbow", then you could you please to review

  http://wiki.laptop.org/go/Rainbow

and ask a more specific question, so that I can answer it there? (I believe
that I've updated it several times since we last spoke...)

If, on the other hand, you're really asking about "Sugar activity isolation",
or, more generally, "Sugar security", then you're in a bit of a bind...
because, as far as I can tell, there is no consensus within the Sugar community
about what security model defines the minimum standard of security that Sugar
itself must provide by default in all settings in which it is deployed.

(I, understandably, advocate for a far-reaching minimum standard.)

Evidence:

  * "activity isolation", as implemented in sugar-0.82.* in terms or rainbow,
    was removed from sugar-0.84 without, so far as I can tell, much mention
   
  * no public replies:

    http://lists.sugarlabs.org/archive/sugar-devel/2009-May/014273.html
    http://lists.sugarlabs.org/archive/sugar-devel/2009-April/013732.html
    http://lists.sugarlabs.org/archive/sugar-devel/2009-March/012387.html

  * lots of replies, no action in the subsequent three months in response to my
    documentation improvements and further queries listed above:

    http://lists.sugarlabs.org/archive/sugar-devel/2009-February/012187.html
   
Finally, if you mean "something broader" like, say, "what security features do
OLPC's customers require (sic. desire) from their distro?", then could you
please elaborate?

Regards,

Michael


More information about the Sugar-devel mailing list