There's a couple of issues with moblin-applets that I'd prefer to discuss before getting it into the archive. The first of these is the modification of the hildon-desktop statusbar config. Shipping a copy in hildon-desktop and then modifying it in the moblin-applets postinst would result in a conflict every time the file changes in the hildon-desktop package. Diversions work badly with conffiles, so I'd be interested in opinions on how to handle this situation.
The other is the mechanism for raising privileges in order to do things like changing the time or static network configuration. The current solution involves editing sudoers. I'm not happy about this for a couple of reasons. Firstly, sudoers is a critical system file. The install script is careful to work on a backup and ensure that it's syntactically correct before overwriting the original, but there's still the potential for loss of information here. Secondly, it results in the ume user being granted rights to run these gtk applications as root. In the default case this probably isn't an issue (given that ume has sudo access anyway), but in the (admittedly unlikely) event of the package being installed on a multiuser system then any user that happens to be called "ume" would effectively gain root (gtk is not heavily security audited). A better solution would involve separation of privileges, with the privileged operations being carried out by a suid backend with careful validation of all input. However, I appreciate that implementing this before gutsy is probably unrealistic. What do other people think? -- Matthew Garrett | [EMAIL PROTECTED] -- Ubuntu-mobile mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-mobile
