Ah, That explains it. Thanks! And to semenko too.
I find it a bit weird that it can MITM https://www.google.com/ on Chrome. I thought Chrome did CA-pinning for Google-domains.
GTK indirectly depends on libpng, so that probably wasn't the best example ;) The thing is that Linux distributions traditionally don't make any difference between the OS and apps. Everything is split into relatively…
Can you really? With the external file chooser, the app has no access to user files before a file is picked, then has access to only this one particular file, and after it is closed returns to no access again. How would…
This isn't about isolating users from each other, but isolating different applications running as the same user from each other. X11 (and Unix itself) was not designed to do this. Also, kdbus has nothing to do with…
Yes, I want applications to be able to open files and to work together, but only if that's needed to achive what I want them to do. LibreOffice should be able to open (and read from and write to) any .odt-file that I…
And you're creating a strawman. rodgerd didn't say that the only two options were SysVinit and systemd, but that the loudest critics of systemd wanted to keep SysVinit. Whether that's true or not is another point (and…
I actually don't want all desktop apps to be able to access all my data all the time. E.g. why should LibreOffice be able to access my browsing history, or Gimp be able to read the contacts in my address book, or VLC be…
The main argument against this kind of bundling (apart from higher disk usage) is about security updates of libraries. E.g. if many applications ship their own copy of OpenSSL and another vulnerability is discovered,…
> The average Linux desktop user has legitimate reasons they don't want to sandbox any given desktop app to this extent. Could you expand on that?
Then the media player can read every DVD you put into your drive as long as its running. So you always have to close the media player before inserting a DVD containing private files. That probably isn't that important…
No. Why would it? The user can still grant full access to the machine to applications they trust (like they do now). In fact, the traditional Unix security model (root vs. regular users) was about "not trusting the…
It's not about "not trusting the user", but about the user not having to trust the author of the application.
Ah, That explains it. Thanks! And to semenko too.
I find it a bit weird that it can MITM https://www.google.com/ on Chrome. I thought Chrome did CA-pinning for Google-domains.
GTK indirectly depends on libpng, so that probably wasn't the best example ;) The thing is that Linux distributions traditionally don't make any difference between the OS and apps. Everything is split into relatively…
Can you really? With the external file chooser, the app has no access to user files before a file is picked, then has access to only this one particular file, and after it is closed returns to no access again. How would…
This isn't about isolating users from each other, but isolating different applications running as the same user from each other. X11 (and Unix itself) was not designed to do this. Also, kdbus has nothing to do with…
Yes, I want applications to be able to open files and to work together, but only if that's needed to achive what I want them to do. LibreOffice should be able to open (and read from and write to) any .odt-file that I…
And you're creating a strawman. rodgerd didn't say that the only two options were SysVinit and systemd, but that the loudest critics of systemd wanted to keep SysVinit. Whether that's true or not is another point (and…
I actually don't want all desktop apps to be able to access all my data all the time. E.g. why should LibreOffice be able to access my browsing history, or Gimp be able to read the contacts in my address book, or VLC be…
The main argument against this kind of bundling (apart from higher disk usage) is about security updates of libraries. E.g. if many applications ship their own copy of OpenSSL and another vulnerability is discovered,…
> The average Linux desktop user has legitimate reasons they don't want to sandbox any given desktop app to this extent. Could you expand on that?
Then the media player can read every DVD you put into your drive as long as its running. So you always have to close the media player before inserting a DVD containing private files. That probably isn't that important…
No. Why would it? The user can still grant full access to the machine to applications they trust (like they do now). In fact, the traditional Unix security model (root vs. regular users) was about "not trusting the…
It's not about "not trusting the user", but about the user not having to trust the author of the application.