[Tails-project] Report from GUADEC

このメッセージを削除

このメッセージに返信
著者: Alan
日付:  
To: Public mailing list about the Tails project
古いトピック: Re: [Tails-project] GUADEC
題目: [Tails-project] Report from GUADEC
Hi,

Here is a report from GUADEC, the GNOME Conference.


# Summary

There were a lot of people there for the conference this year (more than
previous years I think). A lot of discussions were about Flatpak, an
application distribution and sandboxing technology. There is a summary
of some interesting talks I attended below. Videos are not yet
available, but should be within a month.

I feel that there was less curiosity about Tails in the informal
discussions than last years. The GNOME community is still a friendly
ambiance though.

I had the occasion to discuss some areas that we are interested in with
the people that work on them, especially during the Unconference days.
See below for the details.


# Talks


## General

GNOME designer Allan Day presented "The GNOME Way". I recommend it,
though his vision is more optimistic than the real state of things.

I recommend "A brief history of GNOME" for those who'd like to learn
about how we got here.


## UI Design

Tobias Bernard presented how animations can have semantics in "Building
interfaces from the future". I recommend it for UI designers. It's
discussing how animations can turn from eye-candy to real UX benefit.


## Security

Mattew Garett presented "Building a secure desktop with GNOME
technology" about what's good and what's still missing to get better
general security in GNOME. I recommend it.

He started by exposing that main issues for him were C and parsing, and
that we can't only count on security fixes after vulnerabilities have
been discovered, but that we must have safeguards.

Security should also be about usability so that it doesn't get disabled.
Flatpak sandboxes, X deletion and work on thumbnailers isolation are
going in the right direction.

On the other hand we're not yet there. Should we have some applications
in Virtual Machines? We are still missing a good free cross-platform
password manager.


### Flatpak sandboxes and portals

The GNOME community puts a lot of effort on Flatpak[1] their application
distribution technology, so there were a lot of talks and discussions
are about it.

Flatpak framework run applications in sandboxes, and have portals to
communicate with the system. It uses cgroups and namespaces with bubblewrap.

However, applications developers can open holes in the sandbox, and it's
why most applications currently work.

Further reading on that topic:


https://blogs.gnome.org/alexl/2017/01/18/the-flatpak-security-model-part-1-the-basics/

https://blogs.gnome.org/alexl/2017/01/20/the-flatpak-security-model-part-2-who-needs-sandboxing-anyway/

https://blogs.gnome.org/alexl/2017/01/24/the-flatpak-security-model-part-3-the-long-game/


### Flatpak and libraries

In "Resurrecting dinosaurs, what can possibly go wrong",
Richard Brown was discussing the limits of Flatpak, especially in terms
of security support and embedded libraries. I found it healthy to have
this questions asked.


### GNOME Shell

They are working on having X-less wayland sessions (not depending on
XWayland). I asked weather it would enable to have a different XWayland
process for each X11 application. It seems we're not yet there, but they
found the idea interesting.


# Fun stuff

In "Seamless integration to hack desktop applications" endless people
have added a "hack button" to some applications, that flips the window
to show source code in GNOME Builder. Impressive!


# Tails-related GNOME tasks


## Let GNOME Disks upstream know we intend to add TrueCrypt support

(https://labs.riseup.net/code/issues/12275)

I discussed with GNOME Disks maintainer Kaï Luke. They are interested by
the feature. There are already support for opening/closing TrueCrypt
volumes in libblockdev:

    https://github.com/storaged-project/libblockdev/issues/200
    https://github.com/storaged-project/libblockdev/issues/240


The missing part is UDisks:

    https://github.com/storaged-project/udisks/issues/282


He offered to work on the GNOME Disk part and can help getting patches
accepted elsewhere.


## Consider replacing Florence with GNOME's own on-screen keyboard

(https://labs.riseup.net/code/issues/8281#note-26)

I discussed the state of on-screen keyboard with Shell maintainer Carlos
Garnacho. Their current plan is to drop caribou entirely and to enter
characters instead of key codes. They are interested to work with us on
the layout issue.

    https://bugzilla.gnome.org/show_bug.cgi?id=660368
    https://bugzilla.gnome.org/show_bug.cgi?id=785677


There are repositories of layouts at
<http://www.unicode.org/repos/cldr/tags/latest/keyboards/android/>. I've
worked on adapting an import script from caribou source, while Carlos
will use these instead of Caribou models in GNOME Shell on-screen keyboard.

After we've worked on that, someone proposed to use onboard instead of
caribou on the GNOME bugzilla... so stay tuned.


# Outreach

One student finishing their GSOC was interested to work on the parts of
GNOME that interests Tails. I discussed with them our list of bugs on
the GNOME bug tracker, as well as our contribute page.


Don't hesitate if you have specific questions.

Cheers