[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ayatana] Farewell to the notification area

To: Mark Shuttleworth <mark@xxxxxxxxxx>
Subject: Re: [Ayatana] Farewell to the notification area
From: "Paulo J. S. Silva" <pjssilva@xxxxxxxxx>
Date: Fri, 23 Apr 2010 07:58:35 -0300
Cc: Ayatana List <ayatana@xxxxxxxxxxxxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=VLzDaCzhoztgzAUnXVlTFMxU7ARhSepSTcdAaRGXkAk=; b=dC31+Ju9uZxi0Im3tcOQSd/++Veq2JmTNiORSTRb9e5Zj/BeOTehE7XupBTbQngi/3 bIN5WyW5cMH5pSfCOMugIICIjJkGt2SGzjEu+Untkguz/hv9IEmCC0bxe53SyKnGXhVY VE05pvesOWCvs0Lpbt+OQ2cdoXrjBFO87agcY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=I+gU75DceSk72wlIgKSIR+kkiV7jz915o9Mvvf39oMdji0iH4GEWwIWjMuMgQ4QF+Y 0E5YwvCywhi0f0M0+XhiFQkTO3pUBUIa+ZRsah9ew8Al+n2CAwUF0QGnx1AWqmstfOjY v6dvRQDujYvNYaTH49w+WNGhOvwuRNhZkoru0=
In-reply-to: <4BD160BD.8000807@ubuntu.com>
List-archive: <http://lists.launchpad.net/ayatana>
List-help: <https://help.launchpad.net/ListHelp>
List-id: <ayatana.lists.launchpad.net>
List-owner: <https://launchpad.net/~ayatana>
List-post: <mailto:ayatana@lists.launchpad.net>
List-subscribe: <https://launchpad.net/~ayatana>
List-unsubscribe: <https://launchpad.net/~ayatana>
References: <4BCF639E.1060802@canonical.com> <1271896960.1717.23.camel@medusa> <4BD045B6.7030800@canonical.com> <1271969197.4276.43.camel@medusa> <4BD160BD.8000807@ubuntu.com>

>
> Plus, as I pointed out several months ago, this is a HUGE security hole.
> Passwords should only be given in response to a user initiated
> operation.  Asynchronous dialogs that ask for passwords are a very bad
> precedent for a secure O/S.
>
>
> Best we get those finger-swipe gadgets working, then :-)
>

I beg to agree with Jim. Yes, it is a HUGE security hole waiting to be
used. As I pointed out in an older thread:

http://www.mail-archive.com/ayatana@xxxxxxxxxxxxxxxxxxx/msg00833.html

it is easy to spoof the update manager update dialog inside a web page
using technologies like flash that would probably look
indistinguishable to the real thing. As far as I remember most people
in the thread agreed on the possible security risk associated to the
(not so) new update manager behavior and even an interesting
discussion on allowing password-less updates from trusted repositories
was initiated.

The thread ended up in oblivion as any complains about update manager
behavior though.

best,

Paulo
-- 
Paulo José da Silva e Silva
Professor Associado, Dep. de Ciência da Computação
(Associate Professor, Computer Science Dept.)
Universidade de São Paulo - Brazil

e-mail: pjssilva@xxxxxxxxxx         Web: http://www.ime.usp.br/~pjssilva

References:
- [Ayatana] Farewell to the notification area
  - From: Matthew Paul Thomas
- Re: [Ayatana] Farewell to the notification area
  - From: Jim Rorie
- Re: [Ayatana] Farewell to the notification area
  - From: Matthew Paul Thomas
- Re: [Ayatana] Farewell to the notification area
  - From: Jim Rorie
- Re: [Ayatana] Farewell to the notification area
  - From: Mark Shuttleworth

Prev by Date: Re: [Ayatana] Making workspaces great (branched from "Farewell to the notification area")
Next by Date: Re: [Ayatana] Tagging in Nautilus
Previous by thread: Re: [Ayatana] Farewell to the notification area
Next by thread: Re: [Ayatana] Farewell to the notification area
Index(es):
- Date
- Thread