On Mon, Sep 21, 2009 at 11:54:09PM +0100, Peter Robinson wrote: > On Mon, Sep 21, 2009 at 11:47 PM, Martin Dengler > <mar...@martindengler.com> wrote: > > On Mon, Sep 21, 2009 at 05:15:31PM -0500, Yamandu Ploskonka wrote: > >> Chris Ball wrote: > >> > Hi, > >> > > >> > > TBH I'm not 100% sure on that as I'm not a PackageKit developer > >> > > but I believe that is addressed by ConsoleKit and as its in use > >> > > on Fedora and I'm pretty sure Ubuntu and others (and I'm pretty > >> > > sure its an external dependency of gnome too) I'm sure that issue > >> > > has been addressed. > >> > > >> > My understanding is that the developers consider it addressed by > >> > "%post runs as root, and if you don't like it then don't install RPMs > >> > [from untrusted sources]". So, we need to find out what's up there. > >> > > >> > - Chris. > >> > >> Very good point you make. It gets complicated as the users - kids - > >> have not been shown they get it regarding giving their full name, age > >> and address and some even phone number, so it is unlikely they will deal > >> safely with the nuances of "untrusted sources". > >> It would be sort of a shame that the first massive attack of malware on > >> Linux platforms happened under our watch... > > > > The whole point of Rainbow is that what I think you're talking about > > isn't an issue, and it's encouraged that kids share Activities. > > Eliminating this sharing ability is one of the problems with the > > current rpm / PackageKit proposals AIUI. > > How is the sharing implemented currently? [...] except for the > hack to the mime type in the browse activity.
Sorry, I wasn't explaining very well. I meant both "running lightly-trusted Activities is much safer / encouraged due to Rainbow's protections" and "because [of that], it's feasible to ask kids to share Activities [that are not rpm packages]". I'm not saying we couldn't move from here (xo bundles, Rainbow-as-currently-implemented) to there (rpm, PackageKit), but that it seems like a step backwards and nobody seems to be doing the work (whereas Rainbow gets worked on from time to time). > Peter Martin
pgpra6qtnmGyf.pgp
Description: PGP signature
_______________________________________________ IAEP -- It's An Education Project (not a laptop project!) IAEP@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/iaep