On Thu, 2016-04-21 at 07:32 -0400, Bastien Nocera wrote: > * How do we know what authorisations each application needs to be > able to run properly? > How do we avoid applications overreaching and asking for access for > things they don't > need, or silently failing to work because the xdg-app bundle didn't > offer enough? > > If we're going to have to manually create the manifests to list > those, what difference would it make compared to doing those in their > respective upstreams? In general, the desired end-game is that application authors take responsibility for making xdg-apps available for their own applications. These active and interested application authors are also the ones I expect to take interest in modifying applications to take advantage of sandboxing. But what we're really targeting here is all the other applications - how do we get an xdg-app available for bzflag or exmh without creating a whole new packaging, security updating, etc, infrastructure going? I expect mostly that the metadata will be pretty permissive - that most of these apps will need access to $HOME, to the X socket, but yes, we do need it there. The approach I'm taking to metadata is to have a json file is to have a stripped-down version of the xdg-app-builder json file, that can live in dist-git along side the spec file. Attached is the one I used for an initial build of eog; it would be nice if we could get it even smaller without complicated boilerplate for DConf, etc. - Owen
Attachment:
eog.json
Description: application/json
-- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxxx
