@Martin Peres: Your ideas are nice in theory, but as Sebastian Wick already said, it is just not practical.
If you want a specific example, I have one: https://github.com/MaartenBaert/ssr The sole purpose of this application is to record the screen (i.e. take 30 screenshots per second). People are using this - the latest version has been installed about 13.000 times on Ubuntu alone (and that number is still growing). I know that's not a lot in the big picture, but clearly it is not an 'extremely rare case'. I really want to add Wayland support to this application. In fact that's why I'm here, discussing an API to authenticate my program so I can actually start to think about adding Wayland support. Your answer seems to be that the user should continuously hold down a button on their keyboard in order to record their screen. That's just not acceptable. I will simply have to tell users to disable the security features in Weston completely so they can use my application - and most of them will probably have no problem with that, because the average user doesn't care about security, especially when it is something trivial like the ability to take screenshots. Seriously - a rogue application can install a keylogger <https://github.com/MaartenBaert/wayland-keylogger>, steal my saved passwords and browser cookies, ssh and pgp keys, delete all my files and even my backups, but luckily it can't take screenshots! I do not want to tell users to disable security features, but if these features make it completely impossible for an application to function, then I have no choice. It seems like your proposed solution is to take away all control from the user for their own good, and that is just not going to work. Any security feature that stops the user from doing something he/she wants will be disabled by the user. The Wayland compositor will never be able to anticipate all possible use cases and allow only those while blocking all other uses, You can't block all possible malicious use cases without also blocking a significant number of normal use cases. You cannot design a secure desktop that is fully idiot-proof and still usable. You have to assume that the administrator knew what he was doing when he installed application X, and trust that application to do what the user wants. Maarten Baert
_______________________________________________ wayland-devel mailing list wayland-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/wayland-devel
