launchpad-dev team mailing list archive

[Aaron Bentley <aaron@xxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/23/2010 03:27 PM, Robert Collins wrote:
> My specific concerns here are:
>  - will launchpad be safe for our System administrators to use?
>  - will it be safe for our archive administrators to use?
>  - will it be safe for any privileged user to use?
> 
> AFAICT the answer is no; with the intended design satisfied any rogue
> script can drive a tractor across all of launchpad as that user, and
> *thats* why I put the breaks on.

But Leonard makes the case that with the current design, this is also
true, so there is no loss of security.  He also suggests that this is an
inevitable consequence of Gnome's current design, and not something we
can fix without significant changes to Gnome.

Do you disagree with either of these?

If these are true, then granting access to "Apport" is equivalent to
granting access to "Ubuntu Desktop", but the latter makes the security
implications clearer to users, and is therefore the most secure thing we
can do without significant changes to Gnome.

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkybrJQACgkQ0F+nu1YWqI12sACdGhlxLHHT56mFrl5W6mIixjOp
esMAn2fDyJjix/7ud1cyvwap8VGO0Dx/
=itgC
-----END PGP SIGNATURE-----