+ 1
--Irene
On Tue, 2008-03-25 at 16:23 -0700, John Fischer wrote:
> Brian,
>
> Not shipping the games works too.
>
> Thanks,
>
> John
>
> Brian Cameron wrote:
> >
> > John:
> >
> >> Project Private is fine for libgweather.
> >
> > Great.
> >
> >> It is clear that the network games are not accidentally entered into
> >> by the user. So I am fine here as well.
> >>
> >> We probably need to do something intelligent about the passwords being
> >> sent over the wire unencrypted. A release note, man page or dialog
> >> warning prior to send the password is sufficient. If we will have the
> >> encryption ready soon then release note is sufficient. If we won't
> >> have this done within a foreseeable future then we should do more.
> >> If this were a full case I would TCR documentation and TCA a warning
> >> dialog. Since it is not and I am not willing to derail for an opinion
> >> please do something reasonable here.
> >
> > We could simply avoid shipping the 4 games that support network
> > gaming features until we do Export Control to support GGZ with
> > encryption. That wouldn't be a burden. Unfortunately the 4
> > games that support network gaming can't be easily configured to
> > build without GGZ support, so simply turning off the feature isn't
> > so easy.
> >
> > Brian
> >
> >
> >> Brian Cameron wrote:
> >>>
> >>> John:
> >>>
> >>>> OK. So on the gweather interface we need to document the fact that
> >>>> the interface is not supported, placed in a demo directory or simply
> >>>> not ship it. Saying that Volatile is enough is incorrect.
> >>>
> >>> In this case, we should probably make it Consolidation Private for
> >>> now, until it matures a bit more.
> >>>
> >>>> In terms of GGZ when one of these games is started is the user
> >>>> automatically logged into a server? Or do they need to ask to be
> >>>> logged into a specific server?
> >>>
> >>> You need to go to "Game -> Network Game" in the menu, and then
> >>> actually log into the server via the dialog. Once you log in,
> >>> then you can find an opponent to play with. So you need to
> >>> actually log in and select an opponent before you are playing
> >>> a network game. You are never automatically logged in.
> >>>
> >>> However, there is currently no way to configure the games to
> >>> disable this feature. Perhaps it would be a good idea to add
> >>> a configuration option so that people who don't want this
> >>> feature can turn it off. If we made it use GConf, then it
> >>> would be easy for a sysadmin to set a mandatory configuration
> >>> option to force the feature to be disabled for all users.
> >>>
> >>>> If I am following correctly then there are passwords that are passed
> >>>> over the wire in clear text because we do not have the encryption
> >>>> turned on yet. Is that correct?
> >>>
> >>> I believe the only passwords are to connect to the game server
> >>> itself. Michal, if a password were stolen, would a malicious
> >>> user be able to impersonate someone else? What are the ramifications
> >>> of this?
> >>>
> >>> For example, is chatting supported between opponents who are playing
> >>> games? If so, then a person could impersonate another player. It
> >>> might be possible for the malicious person to apply "social networking"
> >>> skills to get sensitive information about who they are impersonating.
> >>>
> >>>> Brian stated that the user can have an intranet server set up.
> >>>> Is the intranet server automatically started? Or does the system
> >>>> administrator need to configure and start it? If they need to
> >>>> start it how is it started, command line, init.d, smf, ...?
> >>>
> >>> We do not yet include GGZ server software on Solaris. So if
> >>> you wanted to set up a GGZ server on an internal network, you
> >>> would probably need to build the source code yourself, or use
> >>> a different OS which has the GGZ server already integrated.
> >>>
> >>> So, we do not currently support running the server on Solaris,
> >>> just GGZ clients.
> >>>
> >>> Brian
> >>>
> >
