Brian, Not shipping the games works too.
Thanks, John Brian Cameron wrote: > > John: > >> Project Private is fine for libgweather. > > Great. > >> It is clear that the network games are not accidentally entered into >> by the user. So I am fine here as well. >> >> We probably need to do something intelligent about the passwords being >> sent over the wire unencrypted. A release note, man page or dialog >> warning prior to send the password is sufficient. If we will have the >> encryption ready soon then release note is sufficient. If we won't >> have this done within a foreseeable future then we should do more. >> If this were a full case I would TCR documentation and TCA a warning >> dialog. Since it is not and I am not willing to derail for an opinion >> please do something reasonable here. > > We could simply avoid shipping the 4 games that support network > gaming features until we do Export Control to support GGZ with > encryption. That wouldn't be a burden. Unfortunately the 4 > games that support network gaming can't be easily configured to > build without GGZ support, so simply turning off the feature isn't > so easy. > > Brian > > >> Brian Cameron wrote: >>> >>> John: >>> >>>> OK. So on the gweather interface we need to document the fact that >>>> the interface is not supported, placed in a demo directory or simply >>>> not ship it. Saying that Volatile is enough is incorrect. >>> >>> In this case, we should probably make it Consolidation Private for >>> now, until it matures a bit more. >>> >>>> In terms of GGZ when one of these games is started is the user >>>> automatically logged into a server? Or do they need to ask to be >>>> logged into a specific server? >>> >>> You need to go to "Game -> Network Game" in the menu, and then >>> actually log into the server via the dialog. Once you log in, >>> then you can find an opponent to play with. So you need to >>> actually log in and select an opponent before you are playing >>> a network game. You are never automatically logged in. >>> >>> However, there is currently no way to configure the games to >>> disable this feature. Perhaps it would be a good idea to add >>> a configuration option so that people who don't want this >>> feature can turn it off. If we made it use GConf, then it >>> would be easy for a sysadmin to set a mandatory configuration >>> option to force the feature to be disabled for all users. >>> >>>> If I am following correctly then there are passwords that are passed >>>> over the wire in clear text because we do not have the encryption >>>> turned on yet. Is that correct? >>> >>> I believe the only passwords are to connect to the game server >>> itself. Michal, if a password were stolen, would a malicious >>> user be able to impersonate someone else? What are the ramifications >>> of this? >>> >>> For example, is chatting supported between opponents who are playing >>> games? If so, then a person could impersonate another player. It >>> might be possible for the malicious person to apply "social networking" >>> skills to get sensitive information about who they are impersonating. >>> >>>> Brian stated that the user can have an intranet server set up. >>>> Is the intranet server automatically started? Or does the system >>>> administrator need to configure and start it? If they need to >>>> start it how is it started, command line, init.d, smf, ...? >>> >>> We do not yet include GGZ server software on Solaris. So if >>> you wanted to set up a GGZ server on an internal network, you >>> would probably need to build the source code yourself, or use >>> a different OS which has the GGZ server already integrated. >>> >>> So, we do not currently support running the server on Solaris, >>> just GGZ clients. >>> >>> Brian >>> >
