RE: Request for comments on security of authentication/authorisation UIs

2014-04-15 Thread Dodier-Lazaro, Steve
Hi Sri, > We talked about application sandboxing quite a bit with Lennart and we have a > plan of action.  I don't know > if Lennart is coming to the Dev experience hackfest but if he is, you are > welcome to engage with him about it. > Sri Thanks for keeping me in the loop. I'll check with L

Re: Request for comments on security of authentication/authorisation UIs

2014-04-12 Thread Sriram Ramkrishna
On Apr 9, 2014 2:41 AM, "Allan Day" wrote: > > Hey Steve, > > Dodier-Lazaro, Steve wrote: > ... > >> As with any detailed design discussion, face-to-face discussions are > >> important also. There might be conversations about this at a couple of > >> upcoming hackfests [2, 3]. Let me know if you'

Re: Request for comments on security of authentication/authorisation UIs

2014-04-09 Thread Allan Day
Hey Steve, Dodier-Lazaro, Steve wrote: ... >> As with any detailed design discussion, face-to-face discussions are >> important also. There might be conversations about this at a couple of >> upcoming hackfests [2, 3]. Let me know if you're interested in joining >> us in Berlin, since I'm involve

Re: Request for comments on security of authentication/authorisation UIs

2014-04-06 Thread Sriram Ramkrishna
On Sun, Apr 6, 2014 at 6:28 PM, Dodier-Lazaro, Steve wrote: >> You might want to check with the other people involved in this - there >> might be some documentation out there already. Eventually it would >> definitely be good to have a page for this on the wiki, but we should >> ensure that it ge

RE: Request for comments on security of authentication/authorisation UIs

2014-04-06 Thread Dodier-Lazaro, Steve
Hi, >> Questions that come to mind are: should there be a specific place to discuss >> sandboxing and its implications (seems to me all the interested parties are >> already GNOME devs, except maybe for Dan Walsh and Ikey Doherty)? Is this ML >> ok to use? Do you welcome contributors external t

Re: Request for comments on security of authentication/authorisation UIs

2014-04-04 Thread Allan Day
Dodier-Lazaro, Steve wrote: ... >>> One does one keep informed about this? Where do I sign up? >> >> That's a good question. You can subscribe to the wiki page that I >> linked to, follow this mailing list, and follow Planet GNOME. I'm sure >> that there will be traffic on this topic once we make

RE: Request for comments on security of authentication/authorisation UIs

2014-04-01 Thread Dodier-Lazaro, Steve
rain and contribute ideas. Thanks, -- Steve Dodier-Lazaro PhD student in Information Security University College London Dept. of Computer Science Malet Place Engineering, 6.07 Gower Street, London WC1E 6BT OpenPGP : 1B6B1670 ____________ From: Allan Day Sent: 01 April 2014 0

Re: Request for comments on security of authentication/authorisation UIs

2014-04-01 Thread Allan Day
Dodier-Lazaro, Steve wrote: ... >> I'm afraid we don't currently have a clear plan for how all the pieces >> will fit together, but we do have ideas and are looking to develop a >> concrete plan for the UX in the near future. > > One does one keep informed about this? Where do I sign up? That's a

RE: Request for comments on security of authentication/authorisation UIs

2014-03-29 Thread Dodier-Lazaro, Steve
> Hi Steve, > > This is exactly the sort of design I love to see, and it's what I was strongly > pushing for. This sort of an approach of designing APIs after use cases on a > one-by-one basis is what GNOME design is about, and it makes me a lot more > comfortable than a generic request/response sy

RE: Request for comments on security of authentication/authorisation UIs

2014-03-29 Thread Dodier-Lazaro, Steve
> Hey Steve! Hi Allan, > Thanks for reaching out about this. Speaking from a design point of > view, having a more rigorous security model is something that we are > extremely interested in at the moment, and this is something that > Wayland has an obvious part to play in. There are also other >

Re: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Jasper St. Pierre
Hi Steve, This is exactly the sort of design I love to see, and it's what I was strongly pushing for. This sort of an approach of designing APIs after use cases on a one-by-one basis is what GNOME design is about, and it makes me a lot more comfortable than a generic request/response system. I'm

RE: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Dodier-Lazaro, Steve
Hi! > Hi, I was lucky that you raised this here, as I missed the thread at > wayland-dev. The thread and the posts are long, but I would like to share my > first comments. Sorry about that :) > [...] > 1. From [1], the list of privileged interfaces you provide is the following: > "Screenshot

RE: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Dodier-Lazaro, Steve
>>> Additionally, there should probably be one more requirement added to >>> http://mupuf.org/blog/2014/03/18/managing-auth-ui-in-linux/#5-security-requirements >>> This being the ability for a non-privileged application to access stored >>> secrets (e.g. passwords stored in a password manager). >

RE: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Dodier-Lazaro, Steve
> Hi Steve, > > We've talked about this somewhat before on the Wayland ML. You proposed some > ability to decouple the security policy from the compositor with Wayland > Security Modules. My opinion is still the same as before: it's a mistake to > decouple the security policy and desktop environ

RE: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Dodier-Lazaro, Steve
> cc'ing gnome-keyring-l...@gnome.org > > On 03/26/2014 10:56 AM, Dodier-Lazaro, Steve wrote: > > Hello, > > > > [...] > > > > Great article (erm...I mean paper)! > > I strongly urge you to watch Stef Walter's talk from this past summer's > GUADEC: > http://www.superlectures.com/guadec2013/mor

Re: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Allan Day
Hey Steve! Thanks for reaching out about this. Speaking from a design point of view, having a more rigorous security model is something that we are extremely interested in at the moment, and this is something that Wayland has an obvious part to play in. There are also other technologies that will

Re: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Jasper St. Pierre
On Fri, Mar 28, 2014 at 10:39 AM, Dodier-Lazaro, Steve < s.dodier-lazaro...@ucl.ac.uk> wrote: > > cc'ing gnome-keyring-l...@gnome.org > > > > On 03/26/2014 10:56 AM, Dodier-Lazaro, Steve wrote: > > > Hello, > > > > > > [...] > > > > > > > Great article (erm...I mean paper)! > > > > I strongly urge

Re: Request for comments on security of authentication/authorisation UIs

2014-03-28 Thread Piñeiro
Hi, I was lucky that you raised this here, as I missed the thread at wayland-dev. The thread and the posts are long, but I would like to share my first comments. On 03/26/2014 03:56 PM, Dodier-Lazaro, Steve wrote: > Hello, > > Currently on the Wayland ML, a bunch of devs are discussing security >

Re: Request for comments on security of authentication/authorisation UIs

2014-03-27 Thread Jasper St. Pierre
Hi Steve, We've talked about this somewhat before on the Wayland ML. You proposed some ability to decouple the security policy from the compositor with Wayland Security Modules. My opinion is still the same as before: it's a mistake to decouple the security policy and desktop environment. The two

Re: Request for comments on security of authentication/authorisation UIs

2014-03-27 Thread Hashem Nasarat
cc'ing gnome-keyring-l...@gnome.org On 03/26/2014 10:56 AM, Dodier-Lazaro, Steve wrote: > Hello, > > Currently on the Wayland ML, a bunch of devs are discussing security > issues [0,1] and the need to restrict userland processes' privileges to > e.g., take screenshots, act as virtual keyboards or