On 11/24/2015 02:57 PM, Mike Blumenkrantz wrote: > On Mon, Nov 23, 2015 at 10:57 PM Carsten Haitzler <ras...@rasterman.com> > wrote: > >> On Wed, 18 Nov 2015 20:47:24 +0000 Mike Blumenkrantz >> <michael.blumenkra...@gmail.com> said: >> >>> Looking at the current list of reported bugs, there are no open tickets >>> which can be considered as release blockers, nor have there been any such >>> issues reported or handled over the past few weeks. >>> >>> If no one opens a ticket with a release blocking issue, I am expecting to >>> execute this release either next week or the week after depending on my >>> availability. >> one issue - dbus api's for e_remote. >> >> i think we should either remove most (except version check and the >> filemanager >> ones) or move them to msgbus module. the filemanager ones should be rate >> limited. >> >> why? wayland - security. right now our dbus api allows someone to poke >> into e >> and do nasty things. in x11 this is "well DUH it's x11. what's new?" but >> in the >> wayland universe this is not good. >> >> so... >> >> 1. rate limit fileman dbus api's to mitigate them being a dos attack vector >> (i'm going to ignroe for now security issues eg in efm or image loaders >> etc. >> where loading a carefully crafted file will take advantage of a buffer >> overflow >> - i'm going to consider the overflow, if it is there, an existing hole, so >> we >> don't create a new one here) >> > Trivial enough. > > >> 2. remove or move basically all the dbus control methods (remove or move to >> msgbus module). mjaybe only leave version in core methods. >> > Move to msgbus module. This is a useful featureset which is fine in the > hands of a responsible user. The module disabled by default. > > >> 3. make changes to enlightenment_remote script accordingly. >> > No changes should be necessary since all the methods and interfaces don't > need to be renamed. These changes will, however, break the remote when the > module is not loaded. Well thats already needed for stuff like changing a wallpaper I thought it was already needed for all of enlightenment_remote > >> this should ensure e in wayland mode at least has no "pre built in backdoor >> controls". > >> -- >> ------------- Codito, ergo sum - "I code, therefore I am" -------------- >> The Rasterman (Carsten Haitzler) ras...@rasterman.com >> >> > ------------------------------------------------------------------------------ > Go from Idea to Many App Stores Faster with Intel(R) XDK > Give your users amazing mobile app experiences with Intel(R) XDK. > Use one codebase in this all-in-one HTML5 development environment. > Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. > http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140 > _______________________________________________ > enlightenment-devel mailing list > enlightenment-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140 _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
