ubuntu-appstore-developers team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxxxxx>]

On 07/13/2013 10:41 PM, Ted Gould wrote:
> On Fri, 2013-07-12 at 16:14 -0500, Jamie Strandboge wrote:
>> I'm going to add the security section back in because I think it is worth
>> considering the full manifest:
>>
>>      {
>>          "name": "com.ubuntu.apps.camera",
>>          "version": "2.9.1daily13.06.13",
>>          "maintainer": "Ugo Riboni <ugo.riboni@xxxxxxxxxxxxx <mailto:ugo.riboni@xxxxxxxxxxxxx>>",
>>          "title": "Camera application",
>>          "framework": "ubuntu-sdk-13.10",
>>          "applications": {
>>              "camera-app": {
>>                  "type": "desktop"
>>              }
>>          },
>>          "primary-application": "camera-app",
>>          "security": {
>>              "profiles": {
>>                  "camera-app": {
>>                      "policy_groups": [
>>                          "camera",
>>                          "location"
>>                      ],
>>                      "policy_version": 1.0
>>                  }
>>              }
>>          }
>>      }
>>
>> Looking at this, it is clear that "applications" and "profiles" are similar--
>> keys for the applications with properties associated with the key.
> 
> I agree.  Looking at the overall document I'm curious whether there is a 1:1
> ratio between security profiles and applications.  Do you think it would make
> sense to have one profile that could be used for several applications?  Perhaps
> the application entry could have a "security-profile" key if it wanted to reuse
> one, but in the standard case they'd match.  So "camcorder-app" could steal
> "camera-app"s profile.
> 
> In that case we'd definitely be going above and beyond the "easy to hand edit"
> requirement, but it seems like advanced usage.  I'm fine if advanced configs
> require a tool to be easy to edit.
> 
> I think that the rest of these comments probably hinge on your thoughts there,
> so I'll stop, and then pick up these other points depending :-)
> 
Personally, I think this would complicate things quite a bit. A 1 to 1 mapping
of security profile to application makes sense to me. It is simple and I don't
think we would gain a lot by trying to combine them. If there are multiple
binaries, it suggests different permissions anyway. One could argue that when
the permissions are the same, we are breaking our rule of not duplicating
things-- but this is different IMO (we are declaring permissions for each app,
they just happen to be the same as opposed to duplicating the name of the app in
several places such that they all must stay in sync).

Marc?

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature