+1 John
Brian Cameron wrote: > > To make the security issues with the FreeSound extension more clear, I > updated section 4.7 of the Jokosher ARC materials as follows: > > 4.7 Security Impact: > > The Jokosher FreeSound extension allows users to login to > http://www.freesound.org with a username and password. On > Solaris, the extension is modified to not save the username or > password information in the user's configuration for better > security. > > Note that a FreeSound account allows users to gain access to free > sound samples and to post messages on their forum. > > Also note that the FreeSound website does not use HTTPS, so > accessing the account via the Jokosher extension should have the > same security as accessing it via a normal web browser > application. > > If anyone feels that it would be best to simply remove the FreeSound > extension from Jokosher to avoid any sort of security concerns, that > is also possible. It is a nice-to-have feature, not a critical piece > of Jokosher functionality. > > Brian > > > Brian Cameron wrote: >> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI >> This information is Copyright 2009 Sun Microsystems >> 1. Introduction >> 1.1. Project/Component Working Name: >> Jokosher >> 1.2. Name of Document Author/Supplier: >> Author: Brian Cameron >> 1.3 Date of This Document: >> 20 May, 2009 >> 4. Technical Description >> Template Version: @(#)sac_nextcase %I% %G% SMI >> This information is Copyright 2008 Sun Microsystems >> >> 1. Introduction >> 1.1. Project/Component Working Name: >> >> jokosher >> >> 1.2. Name of Document Author/Supplier: >> >> Author: Brian Cameron >> >> 1.3 Date of This Document: >> >> 12 May 2009 >> >> 1.4. Name of Major Document Customer(s)/Consumer(s): >> 1.4.1. The PAC or CPT you expect to review your project: >> >> Solaris PAC >> >> 1.4.2. The ARC(s) you expect to review your project: >> >> LSARC >> >> 1.4.3. The Director/VP who is "Sponsoring" this project: >> >> Robert O'Dea >> >> 1.4.4. The name of your business unit: >> >> Software - OPG >> >> 1.5. Email Aliases: >> 1.5.1. Responsible Manager: >> leo.binchy at sun.com >> >> 1.5.2. Responsible Engineer: >> >> brian.cameron at sun.com >> >> 1.5.3 Marketing Manager: >> >> glynn.foster at sun.com >> >> 1.5.4. Interest List: >> desktop-discuss at opensolaris.org >> 2. Project Summary >> 2.1. Project Description: >> >> jokosher is a simple, yet powerful multi-track studio written >> in Python >> that uses GStreamer and gnonlin. With jokosher you can create >> and >> record music, podcasts and more, all from an integrated simple >> environment. It supports recording, editing (e.g. splitting, >> trimming, >> moving), mixing, and exporting audio. It supports all audio >> formats >> that are supported by GStreamer. Users can, for example, >> purchase >> plugins from Fluendo to enable MP3 or WindowsMedia Audio support. >> >> jokosher uses the GPL license and contains a license exception >> which >> allows distribution with non-free GStreamer-plugins. >> >> 4. Technical Description: >> 4.1. Details: >> >> Jokosher provides a multi-track interface for recording and >> mixing >> audio. Jokosher supports two workspace modes: the Recording >> Workspace >> and the Mixing Workspace. The user simply toggles between the >> two >> modes by clicking on the "Audio Mixers" button in the toolbar. >> >> When in the Recording Workspace mode, the user may create >> multiple >> audio tracks. The tracks may either be an existing audio file >> which >> the user can specify, or be an instrument. The instrument >> setting is >> intended to be used when the user intends to record the track >> into >> jokosher. >> Jokosher provides a set of Instrument files, which simply >> specify a >> label and an icon for the instrument. When a track is >> associated with >> an instrument then the track is shown with this label and icon >> so that >> the user can easily determine what instrument is associated >> with each >> track. >> >> When in the Mixing Workspace mode the user can specify the >> volume level >> and balance setting for each track. Once the mix is >> specified, then >> the user can use jokosher's "Mixdown" feature to save the >> final audio >> mix to a file in the desired audio format. The Mixdown dialog >> also >> allows the user to run user-specified scripts to do any >> desired actions >> once the mix is completed, such as to upload the file to a >> server or to >> create a playlist. >> >> Jokosher projects can be saved in a file format with the >> extension >> ".jokosher". When reloaded, the track and mixing settings and >> all >> preferences are restored so a user can continue working on a >> project. >> These files are associated with the MIME type >> "application/x-jokosher". >> >> Jokosher provides extensions which allow third party >> developers to add >> features to Jokosher to make it support file types or support >> additional functionality. Jokosher includes an extensions >> manager >> which allows users to add, remove, or configure extensions. [1] >> >> By default jokosher includes the following extensions: >> >> - A "Set Tempo" extension which allows the user to set the >> tempo for >> a project by clicking on a button on each beat during playback. >> - A "Minimal Mode" extension which changes the UI to a minimal >> appearance >> - An "Instrument Type Manager" extension which allows the user >> to specify the label and icon for new instruments, and to >> delete any >> previously added instruments. >> - A "Search FreeSound" extension which will search the FreeSound >> library of freely licensable and usable sound clips. The >> FreeSound >> library can be found at http://www.freesound.org/. >> - An "Extension Console" which provides a fully functional python >> console with access to the jokosher extension API and jokosher >> internals. Useful for writing or debugging extension code. >> - A "Jokosher D-Bus API" extension which allows other >> processes to call Jokosher extension API functions via D-Bus. >> >> Note that, by default, the jokosher FreeSound extension saves the >> user's FreeSound username and password in plaintext in the user's >> jokosher $HOME configuration. When the plugin is used after >> initial >> login, the username and password values are filled in for the >> user. >> >> However, on Solaris, we will patch the code so that this >> feature is >> disabled, and the FreeSound extension will not save the >> username and >> password information to the user's $HOME directory. This will >> mean >> the user will need to re-enter this information each time they >> restart >> jokosher and wish to use this plugin. >> 4.2. Interfaces: >> Exported Interfaces Stability >> Comments >> ------------------------------------------- ---------- >> ---------------- >> >> /usr/bin/jokosher Volatile Jokosher >> >> application. >> /usr/lib/python2.6/vendor-packages/Jokosher Volatile >> Jokosher python >> >> implementation. >> /usr/share/applications/jokosher.desktop Volatile >> Jokosher desktop >> file. >> /usr/share/gnome/help/jokosher Volatile >> Jokosher help >> files. >> /usr/share/jokosher Volatile Jokosher >> >> internal data. >> /usr/share/jokosher/Instruments Volatile Jokosher >> >> instrument >> files. >> /usr/share/jokosher/extensions Volatile Jokosher >> >> extension files. >> /usr/share/jokosher/pixmaps Project >> Jokosher image >> Private files. >> /usr/share/icons/hicolor/48x48/apps/jokosher.png >> Project Jokosher >> Private >> application >> image. >> /usr/share/pixmaps/jokosher.png Project Jokosher >> Private >> application >> image. >> /usr/share/mime/packages/jokosher.xml Volatile >> Specifies the >> MIME >> type for >> >> jokosher files. >> /usr/share/omf/jokosher Project >> Jokosher OMF >> Private files. >> $HOME/.local/share/jokosher Volatile >> Jokosher user >> >> configuration >> >> SUNWgnonlin Uncommitted Package. >> SUNWjokosher Uncommitted Package. >> >> >> Imported Interfaces Stability Comments >> --------------- --------------- ----------------------- >> GNOME Base Libraries Committed LSARC 2006/202 >> GStreamer Volatile LSARC/2006/202 >> GNonLin Volatile Not yet filed >> Python External PSARC/2005/532 Python >> Evolving Migration from >> /usr/sfw to /usr and >> upgrade to v2.4.x >> gst-python Volatile LSARC 2008/105 >> Pygtk, gnome-python Unstable LSARC 2005/506 >> D-Bus Volatile LSARC 2006/368 >> Python Setuptools Uncommitted PSARC 2008/084 >> >> 4.3. Doc Impact: >> >> jokosher includes Help documentation. Jokosher does not ship >> with any >> developer documentation, but the help files do point to the >> Jokosher >> developer webiste for more information about doing things like >> writing >> extensions. >> >> 4.4. Packaging & Delivery: >> SUNWjokosher - jokosher application. >> >> 4.5. Dependencies: >> >> The ARC case for GNonLin, which is being submitted at the same >> time >> as this case. I will update this section and the Comments >> value for >> GNonLin in the Imported Interface table to include the ARC number >> when available. >> >> 4.6. L10N Impact: >> >> The Desktop team and the G11N are working together to evaluate >> and >> provide I18N/L10N support. >> >> 4.7 Security Impact: >> >> None. >> 5. Reference Documents: >> >> [1] Jokosher Extensions Documentation >> http://userdocs.jokosher.org/Extensions/ >> >> Jokosher Website and User Documentation: >> http://www.jokosher.org/ >> http://userdocs.jokosher.org/ >> >> 6. Resources and Schedule >> 6.4. Steering Committee requested information >> 6.4.1. Consolidation C-team Name: >> Desktop >> 6.5. ARC review type: FastTrack >> 6.6. ARC Exposure: open >> >> >> 6. Resources and Schedule >> 6.4. Steering Committee requested information >> 6.4.1. Consolidation C-team Name: >> Desktop >> 6.5. ARC review type: FastTrack >> 6.6. ARC Exposure: open >> >> _______________________________________________ >> opensolaris-arc mailing list >> opensolaris-arc at opensolaris.org >
