Our sandboxed apps won't really protect users (was: Re: Darktable Copr)

Chris Murphy lists at colorremedies.com
Fri Sep 11 18:37:33 UTC 2015


On Fri, Sep 11, 2015 at 9:16 AM, Michael Catanzaro <mcatanzaro at gnome.org> wrote:
> Hi,
>
> I will start with a TL;DR summary of my mail: we don't have to sandbox
> our xdg-apps, like you say. But if we do, we should only allow running
> sandboxed apps, even if it means we lose most of our apps. Otherwise,
> the sandbox is pointless.

I don't know that this is true. OS X has mandatory sandboxing (App
Store apps), and optional sandboxing (everything else). Both of those
ecosystems are strong. Maybe they've compromised somewhat the
potential security compared to permitting only sandboxed apps, but the
reason they've done it this way is the more aggressive alternative
would have killed the platform. Now maybe today they could move to App
Store only model and have compulsory sandboxing?



> On Fri, 2015-09-11 at 07:02 -0400, Josh Boyer wrote:

>> Sure, if users
>> force install everything then yes they can have their systems owned.
>> This has always been true and xdg-apps doesn't present a new wrinkle
>> at all here.
>
> The goal should be to make it sufficiently difficult and scary to force
> install things that a large majority of users will decide not to, but
> you still can if you really want to.

Missing, in my opinion, is application signature verification after
installation. I want the option (preferably by default) to know that
installed packages haven't been modified after they were installed,
not merely that they were considered safe at the time they were
installed.


-- 
Chris Murphy
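The post-install integrity check described in the reply above, as an added example that is not part of the original thread or of any xdg-app tooling: at install time every file is digested into a manifest, the manifest itself is authenticated so it cannot be silently rewritten, and a later verification reports files that have changed, gone missing or appeared. It assumes a verification key held outside the install tree (constructed here as an HMAC key for a self-contained demo; a real deployment would use a public-key signature over the manifest).

```python
import hashlib
import hmac
import json
import os
import tempfile

# Assumed: a verification key stored outside the install tree (constructed for
# this demo; a deployment would sign the manifest with a public key instead).
VERIFY_KEY = b"constructed-demo-key-not-for-real-use"

def file_digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def installed_files(root):
    """Every file under root, as a path relative to root."""
    return [os.path.relpath(os.path.join(d, n), root)
            for d, _, names in os.walk(root) for n in names]

def build_manifest(root):
    """Digest every installed file, then authenticate the whole record."""
    entries = {rel: file_digest(os.path.join(root, rel)) for rel in installed_files(root)}
    body = json.dumps(entries, sort_keys=True)
    tag = hmac.new(VERIFY_KEY, body.encode(), "sha256").hexdigest()
    return {"entries": body, "tag": tag}

def verify_install(root, manifest):
    """Sorted list of findings; an empty list means nothing changed since install."""
    expected = hmac.new(VERIFY_KEY, manifest["entries"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return ["manifest: authentication failed (the record itself was altered)"]
    entries = json.loads(manifest["entries"])
    findings = [f"{rel}: unexpected new file" for rel in installed_files(root) if rel not in entries]
    for rel, digest in entries.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full) or file_digest(full) != digest:
            findings.append(f"{rel}: missing or contents changed")
    return sorted(findings)

def demo():
    """Constructed scenario: install, verify clean, append to a script, verify again."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "app"), "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")
        manifest = build_manifest(root)
        clean = verify_install(root, manifest)
        with open(os.path.join(root, "bin", "app"), "ab") as f:
            f.write(b"echo added later\n")
        return clean, verify_install(root, manifest)
```

The manifest records the state that was trusted at install time, so a later mismatch shows modification since then, which is the distinction the reply draws.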

