Brian,

Project Private is fine for libgweather.

It is clear that the network games are not accidentally entered into
by the user.  So I am fine here as well.

We probably need to do something intelligent about the passwords being
sent over the wire unencrypted.  A release note, man page or dialog
warning prior to sending the password is sufficient.  If we will have the
encryption ready soon then a release note is sufficient.  If we won't
have this done within the foreseeable future then we should do more.
If this were a full case I would TCR documentation and TCA a warning
dialog.  Since it is not, and I am not willing to derail for an opinion,
please do something reasonable here.

Thanks,

John

Brian Cameron wrote:
> 
> John:
> 
>> OK.  So on the gweather interface we need to document the fact that
>> the interface is not supported, place it in a demo directory, or simply
>> not ship it.  Saying that Volatile is enough is incorrect.
> 
> In this case, we should probably make it Consolidation Private for
> now, until it matures a bit more.
> 
>> In terms of GGZ when one of these games is started is the user
>> automatically logged into a server?  Or do they need to ask to be
>> logged into a specific server?
> 
> You need to go to "Game -> Network Game" in the menu, and then
> actually log into the server via the dialog.  Once you log in,
> then you can find an opponent to play with.  So you need to
> actually log in and select an opponent before you are playing
> a network game.  You are never automatically logged in.
> 
> However, there is currently no way to configure the games to
> disable this feature.  Perhaps it would be a good idea to add
> a configuration option so that people who don't want this
> feature can turn it off.  If we made it use GConf, then it
> would be easy for a sysadmin to set a mandatory configuration
> option to force the feature to be disabled for all users.
> 
>> If I am following correctly then there are passwords that are passed
>> over the wire in clear text because we do not have the encryption
>> turned on yet.  Is that correct?
> 
> I believe the only passwords are to connect to the game server
> itself.  Michal, if a password were stolen, would a malicious
> user be able to impersonate someone else?  What are the ramifications
> of this?
> 
> For example, is chatting supported between opponents who are playing
> games?  If so, then a person could impersonate another player.  It
> might be possible for the malicious person to apply "social networking"
> skills to get sensitive information about who they are impersonating.
> 
>> Brian stated that the user can have an intranet server set up.
>> Is the intranet server automatically started?  Or does the system
>> administrator need to configure and start it?  If they need to
>> start it how is it started, command line, init.d, smf, ...?
> 
> We do not yet include GGZ server software on Solaris.  So if
> you wanted to set up a GGZ server on an internal network, you
> would probably need to build the source code yourself, or use
> a different OS which has the GGZ server already integrated.
> 
> So, we do not currently support running the server on Solaris,
> just GGZ clients.
> 
> Brian
> 
