On Tue, 2015-01-27 at 14:19 -0500, Colin Walters wrote:
> On Mon, Jan 19, 2015, at 04:37 AM, Alexander Larsson wrote:

> > Secondly, the other goal is to ensure one app+runtime works on *any*
> > system. 
> 
> "works" will depend on one's PoV; for some organizations, this TLS
> certificate issue will be quite important.

Sure, but that doesn't mean the only way to make that work is to expose
the full host /etc.

> And even if there was just one distribution layout (e.g. /etc/pki was
> standard), one still has to account for version skew over time.  Say that
> an app wants to look for some new system configuration - for example,
> http://fedoraproject.org/wiki/Changes/CryptoPolicy
> 
> It'd be possible for the app runtime's openssl/gnutls to have this change,
> but the target system not.  That's a case where the shared libraries
> inside runtimes would need to be prepared to handle arbitrarily old
> content in /etc, or alternatively, some sort of versioned ABI, so xdg-app
> would error out if the app's runtime required too new of a host.

Yeah, this whole area is pretty fucked up. My opinion is that we need to
figure out the best way to represent it in the sandbox, and then do
whatever mapping is needed from the host system so that it looks right
from the point of view of the sandboxed app. This could be done by
building xdg-app on the distro with the right configuration given the
distro it runs on. But yeah, for future compat we probably need some
level of versioning here.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       [email protected]            [email protected] 
He's a sword-wielding umbrella-wielding senator with no name. She's a 
cosmopolitan mutant magician's assistant who can talk to animals. They 
fight crime! 

_______________________________________________
gnome-os-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/gnome-os-list
