-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/23/2010 03:27 PM, Robert Collins wrote: > My specific concerns here are: > - will launchpad be safe for our System administrators to use? > - will it be safe for our archive administrators to use? > - will it be safe for any privileged user to use? > > AFAICT the answer is no; with the intended design satisfied any rogue > script can drive a tractor across all of launchpad as that user, and > *thats* why I put the breaks on.
But Leonard makes the case that with the current design, this is also true, so there is no loss of security. He also suggests that this is an inevitable consequence of Gnome's current design, and not something we can fix without significant changes to Gnome. Do you disagree with either of these? If these are true, then granting access to "Apport" is equivalent to granting access to "Ubuntu Desktop", but the latter makes the security implications clearer to users, and is therefore the most secure thing we can do without significant changes to Gnome. Aaron -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkybrJQACgkQ0F+nu1YWqI12sACdGhlxLHHT56mFrl5W6mIixjOp esMAn2fDyJjix/7ud1cyvwap8VGO0Dx/ =itgC -----END PGP SIGNATURE----- _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
