On Nov 23, 2016 8:11 AM, "Stephen John Smoogen" <smo...@gmail.com> wrote:
>
> On 23 November 2016 at 09:36, Michael Catanzaro <mcatanz...@gnome.org> wrote:
> > On Wed, 2016-11-23 at 09:39 +0100, Florian Weimer wrote:
> >>
> >> What about the larger picture? Can tracker be made optional again
> >> for the GNOME desktop?
> >>
> >> Thanks,
> >> Florian
> >
> > No, many of our core applications depend on tracker to be able to see
> > files, and others (e.g. nautilus) use tracker to make search not take
> > forever. I don't think we'll support running without tracker anytime
> > soon. If someone wants to work on splitting little-used GStreamer
> > plugins into subpackages or sandboxing tracker miners (e.g. maybe with
> > SELinux?) that would be a more practical way forward.
>
> In that case, I expect that we are going to be doing cleanups over and
> over again. Because while this time it is GStreamer it could have been
> any one of the myriad other helpers pulled in. The bigger problem is
> that the two major defenses of ASLR and DEP can be gotten past. That
> will have effects on any security decisions that have thought "too
> hard to do realistically so we rely on that".
>

Can we leave tracker enabled but disable literally every miner? AFAIK the mandatory uses of tracker only care about filenames and don't need contents at all.

I would go even farther and argue that Fedora should not, by default, ever enable a miner that isn't running in *strict* seccomp mode. If that means that cat pictures aren't identified as such, so be it. And if it means that several Fedora releases go by with a less functional search, that's fine too.

--Andy

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
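
What confining a miner to strict seccomp mode implies in practice, as an added example that is not part of the original message or of tracker's code: the parent must hand the worker its input, because after entering strict mode the worker may only call read(), write(), _exit() and sigreturn(). The function name, the PNG signature check and the `misbehave` switch are assumptions made for illustration (Linux only).

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical miner worker (illustration only, not tracker code).
 * Returns 1 if buf starts with the PNG signature, 0 if it does not,
 * -1 if the worker failed or was killed by seccomp.
 * misbehave != 0 makes the worker try open() inside the sandbox. */
int sandboxed_is_png(const unsigned char *buf, size_t len, int misbehave)
{
    static const unsigned char magic[8] =
        {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    int in[2], out[2], status = 0;
    char verdict = 0;

    if (pipe(in) != 0 || pipe(out) != 0)
        return -1;
    /* Queue the header before fork(): the worker cannot open files itself. */
    if (write(in[1], buf, len > 8 ? 8 : len) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* worker */
        unsigned char hdr[8];
        close(in[1]); close(out[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            syscall(SYS_exit, 2);
        if (misbehave)                    /* any other syscall => SIGKILL */
            (void)open("/etc/hostname", O_RDONLY);
        char r = read(in[0], hdr, sizeof hdr) == 8;
        for (int i = 0; r && i < 8; i++)
            r = hdr[i] == magic[i];
        if (write(out[1], &r, 1) != 1)
            syscall(SYS_exit, 3);
        /* glibc _exit() calls exit_group, which strict mode forbids. */
        syscall(SYS_exit, 0);
    }
    close(in[0]); close(in[1]); close(out[1]);
    ssize_t got = read(out[0], &verdict, 1);
    close(out[0]);
    if (waitpid(pid, &status, 0) != pid || WIFSIGNALED(status) || got != 1)
        return -1;
    return verdict;
}
```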