On Fri, Sep 11, 2015 at 9:16 AM, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
> Hi,
>
> I will start with a TL;DR summary of my mail: we don't have to sandbox
> our xdg-apps, like you say. But if we do, we should only allow running
> sandboxed apps, even if it means we lose most of our apps. Otherwise,
> the sandbox is pointless.

I don't know that this is true. OS X has mandatory sandboxing (App Store
apps), and optional sandboxing (everything else). Both of those ecosystems
are strong. Maybe they've compromised somewhat the potential security
compared to permitting only sandboxed apps, but the reason they've done it
this way is the more aggressive alternative would have killed the platform.
Now maybe today they could move to an App Store only model and have
compulsory sandboxing?

> On Fri, 2015-09-11 at 07:02 -0400, Josh Boyer wrote:
>> Sure, if users
>> force install everything then yes they can have their systems owned.
>> This has always been true and xdg-apps doesn't present a new wrinkle
>> at all here.
>
> The goal should be to make it sufficiently difficult and scary to force
> install things that a large majority of users will decide not to, but
> you still can if you really want to.

Missing, in my opinion, is application signature verification after
installation. I want the option (preferably by default) to know that
installed packages haven't been modified after they were installed, not
merely that they were considered safe at the time they were installed.

-- 
Chris Murphy

-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop
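As an added illustration of the post-install check asked for above (example code written for this page, not anything from xdg-app or Fedora): record a signed manifest of per-file digests at install time, then re-verify the installed tree against it later so that modified, missing or added files are reported. An HMAC under a locally held key stands in for the publisher's signature, and the install tree, file contents and key are all constructed here.

```python
import hashlib
import hmac
import json
import os
import tempfile

def build_manifest(root):
    """Record a SHA-256 digest for every regular file under an installed app tree."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                entries[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return entries

def sign_manifest(entries, key):
    """Assumption: an HMAC stands in for the publisher's signature over the manifest."""
    body = json.dumps(entries, sort_keys=True).encode()
    return {"files": entries, "tag": hmac.new(key, body, "sha256").hexdigest()}

def verify_install(root, signed, key):
    """Return a list of problems; an empty list means the install matches the manifest."""
    body = json.dumps(signed["files"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), signed["tag"]):
        return ["manifest signature mismatch"]  # an unsigned or altered manifest proves nothing
    current = build_manifest(root)
    problems = [f"missing: {r}" for r in signed["files"] if r not in current]
    problems += [f"modified: {r}" for r, d in signed["files"].items()
                 if r in current and current[r] != d]
    problems += [f"unexpected: {r}" for r in current if r not in signed["files"]]
    return problems

def _write(root, rel, data, mode="wb"):
    os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
    with open(os.path.join(root, rel), mode) as fh:
        fh.write(data)

def demo():
    """Constructed scenario: install, verify clean, alter the tree, verify again."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/app", b"#!/bin/sh\necho hello\n")
        _write(root, "app.desktop", b"[Desktop Entry]\nName=Demo\n")
        signed = sign_manifest(build_manifest(root), key)
        clean = verify_install(root, signed, key)
        _write(root, "bin/app", b"echo changed\n", mode="ab")  # file modified after install
        _write(root, "extra.so", b"\x7fELF")                   # file added after install
        altered = verify_install(root, signed, key)
        rewritten = dict(signed, files=build_manifest(root))   # manifest rewritten, tag stale
        return clean, altered, verify_install(root, rewritten, key)
```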