On Fri, Mar 5, 2021 at 11:57 am, Philip Hands <p...@hands.com> wrote:
Wouter Verhelst <wou...@debian.org> writes:
On Thu, Mar 04, 2021 at 05:57:15PM -0500, Sam Hartman wrote:
The parts of Debian that are trying to do that are some of the
desktop
environments. So, I'd approach the maintainers of Gnome and KDE
and
see if they are interested in recommending this functionality.
It could also be added to the laptop task, which would mean it
would be
installed by default on all laptops that are installed with
debian-installer
Alternatively, d-i has some hardware detection functionality, to
install
the correct drivers for hardware that is found. One could add
entries
for supported fingerprint readers to the hardware detection in d-i,
and
then install the necessary packages.
The hard part, however, is configuring all this so it works
correctly
out of the box, also for users who don't want to use it.
For users that don't want to use it, I'd suggest that the only correct
answer is for them to never have had the software on their computer at
any point, given that it's security sensitive software, and any bugs
may
well have the potential to hurt.
I presume if one installs this software, that even when the screen is
locked, when someone swipes a finger (or a specifically crafted toxic
pattern for that matter) on the reader, that something will be
provoked
to run that would not have been run if it were not installed.
That seems like an increase in attack surface to me, that we should
not
lightly inflict on unsuspecting users just because *shiny finger
scanner*.
I'd expect that people that want their fingerprint scanners to be in
use
are mostly aware of that fact, so as long as we make the optional
packages easily installable, that seems completely sufficient to me.
From an earlier reply of Mark,
"It's just a case of needing the libfprint and fprintd packages
installed
and then under settings->user you can start registering your prints."
So I think there is still a manual step required before this is active.
