On Thu, Dec 4, 2014 at 6:25 PM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Thu, Dec 04, 2014 at 05:10:32AM -0500, Daniel J Walsh wrote: >> As I found when I wrote the SELinux Sandbox. The Linux Desktop is a >> "cess pool" of communication and attempting to sandbox apps will have >> unexpected consequences. > > But we don't have to start with the muck at the bottom. :) We can > containerize the things that are easy and decompose the things which > aren't as easy and ship, still ship them as modular components, and > either just run them or build up whatever light sandboxing makes sense, > and then move things to be more _actually_ containerized as possible. Right. I didn't mean to suggest everything to should be containers or nothing. I meant we should be able to do a layered approach to providing things, however that makes sense now, and then move towards more sandboxing/containers over time. The benefit and focus would be to prevent 3 products from doing the same work 3 times. Create a base, add the product layers, profit (or in our case maybe "reduce technical debt" or some other fancy catch phrase). josh -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
