Re: [Tails-ux] Tightening a bit the Evince and Totem AppArmo…

Delete this message

Reply to this message
Autor: sajolida
Data:  
Dla: Tails user experience & user interface design
Temat: Re: [Tails-ux] Tightening a bit the Evince and Totem AppArmor policy
intrigeri:
>> For more info, please try for example `keyringer internal open
>> credentials` yourself.
>
> <meta> Well, I'm afraid I have to say no here, for my own sake.
> That's a niche use case (you may want to remember why this feature was
> added in the first place, and wonder how many people are aware of it,
> let alone use it; hint: I don't). In this kind of situation, what
> I definitely volunteer for is to translate into AppArmor rules
> whatever exact file access I'm told is needed, but I am *not*
> volunteering to do the initial research myself. I know such
> a statement may seem ridiculous this time, given how easy to test it
> looks like, but I feel the need to draw the line somewhere, because if
> I don't do that, I'm afraid (possibly irrationally) that more and more
> similar responsibilities will be put on my shoulders because oh well,
> is has something to do with AppArmor. Thanks in advance for your
> understanding :)


I wholeheartedly agree with the fact that we shouldn't consider
"AppArmor" = "intrigeri's plate". But here you're the one to take the
initiative to tighten some profiles and risk breaking some use cases.
If I understand correctly, not tightening them doesn't degrade Tails
while doing so might degrade some use cases. So for me it's a bit
different, and I don't want to be responsible for doing too much
unexpected work not to have my use cases broken when using tools
included by default in Tails (be them "popular" or not). Thankfully,
that's not the case here.

--
sajolida