Re: Collaboration on standard Wayland protocol extensions

["Jasper St. Pierre" <jstpierre mecheye net>]

I really hope that distributions don't see security policies as a
differentiator. This is how we got SELinux vs. AppArmor and real-world
apps having to ship both kinds of policies (or Fedora flat out
ignoring any idea of third-parties and such and including literally
every application ever in its contrib policy file
https://github.com/fedora-selinux/selinux-policy/tree/f23-contrib).

On Tue, Mar 29, 2016 at 11:28 PM, Martin Peres <martin peres free fr> wrote:
> On 30/03/16 01:12, Olav Vitters wrote:
> > On Mon, Mar 28, 2016 at 10:50:23PM +0300, Martin Peres wrote:
> > > We thus wanted to let distros take care of most of the policies (which
> > > does not amount to much and will likely come with the application
> > > anyway). However, some distros or devices come with a system
> > > that already defines security policies and they will likely not want
> > > a proliferation of storage places. Hence why we allowed for
> > > multiple backends. But this is an exception rather than the rule.
> >
> > Why should every distribution decide on some policy? The default way
> > should work sanely and the way that a user would experience it makes
> > sense. I help out with Mageia (+GNOME), I'm 98% sure Mageia has 0
> > interest in creating/developing such a policy.
>
> In WSM, you can set default behaviours for interfaces. This should cover
> your use case.
>
> However, remember this: If it is not the user or the distribution, then you
> are basically trusting the developer of the application... which basically
> means we are back to the security of X11.
>
> > e.g. Linus complaining about (IIRC) needing to provide a root password
> > after plugging in a printer. If we create such a situation again I might
> > even understand why he's rants :-P
>
> This would be utterly ridiculous, and this is what we addressed here:
> http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/



-- 
  Jasper