Re: Desktop apps interoperability

[Casey Schaufler <casey@xxxxxxxxxxxxxxxx>]

--- Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
wrote:
> On Wed, Mar 30, 2005 at 09:04:26AM -0800, Casey
> Schaufler wrote:
> 
> > Yes, and I'm sure that you can do a configuration
> > of most application defaults that will be good
> > enough to demo. Application developers tend to
> > have their own ideas regarding data storage and
> > it is a bad idea for a system developer to
> > interfere with said application developer's
> > freedom to inovate.
> 
>  ... application developer's freedom to impose
> insecurity,
>  through ignorance on the part of the app-developer,
> upon
>  the users?

What ignorance? The developer codes to the
published policies (e.g. uids, modes, capabilities)
and everything works *within the published policy*.
Some stranger comes along and without warning
arbitrarily imposes additional policy on the
application that the developer has so carefully
crafted, often without looking at the code to
see what the developer's intent might have been. 
 
>  no offense intended:

None taken. I buy skin thickener in 55 gallon drums.

> freedom in an abstract concept
> [e.g. "the american way"]
> _always_ has limits - laws / rules / policy
> is defined to confine
> that freedom, for good or worse.

Yup. So long as those limits can be known by
the "free" entity all is good. When additional
constraints can be added whimsically there is
bound to be resistance.


Casey Schaufler
casey@xxxxxxxxxxxxxxxx


		
__________________________________ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.