Re: When is pappl going to be good enough to replace cups?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, May 25, 2021 at 10:03:13AM +0200, Björn Persson wrote:
> None of that answers the question: How can I tell whether the printer
> I'm sending to is on an untrusted network, on an imaginary network
> created for a USB printer, or on a 1980s-style isolated LAN? Will the
> name of the network interface be displayed when I choose a printer?
> Will there at least be a visible difference between a permanently
> configured printer and an auto-found printer, so I can continue to have
> my printer configured and know that I'm sending to that one?

If the printer is not on a local [1] network, then it won't appear 
automagically. Those that do appear show up as "queuename at host" or 
"mfg_model_hostname" (for native IPP printers, there's usually a partial 
MAC address in there by default too) Queues you create 
manually/permanently can be called whatever you want and point wherever 
you want.  The standard GTK print dialog doesn't include any indication 
where a given printer identifier points, but others might.

> Do I need to explain, detail by detail, the errors in the reasoning
> "People don't print on untrusted networks. Therefore any network with a
> printer on it is trusted.", or can people see the logical flaws on
> their own?

Trusted or not, "people need to print to something on their local 
network" is the overwhelmingly common use case.

Meanwhile, CUPS's auto-discovery mechanisms have _always_ assumed the 
local network can be trusted.  And if you don't trust the network, 
firewall off mDNS/browsed/whatever, and/or don't print to printers you 
don't recognize.  

Sure, someone could be spoofing a specific printer name/identifier just 
so they can capture a document *you* want to print, but if there's that 
level of persistant hostile presence on your local network, you're 
already completly screwed.

[1] "local" means the local broadcast domain.

 - Solomon
-- 
Solomon Peachy			      pizza at shaftnet dot org (email&xmpp)
                                      @pizza:shaftnet dot org   (matrix)
High Springs, FL                      speachy (freenode)

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux