From Fedora Project Wiki
No edit summary |
(Clarify question) |
||
Line 7: | Line 7: | ||
* Would adding a per machine signature in there be good? The front ends coded to consume the data don't have to use it if they don't want to clutter their UI but it would let a UI that wanted to inform the user that the machine claiming to be "Secure Corporate Storage" is no longer the same. That seems like it would be a clear improvement over the current situation and make this more worthwhile to announce as a feature. --[[User:Toshio|abadger1999]] 19:08, 20 November 2009 (UTC) | * Would adding a per machine signature in there be good? The front ends coded to consume the data don't have to use it if they don't want to clutter their UI but it would let a UI that wanted to inform the user that the machine claiming to be "Secure Corporate Storage" is no longer the same. That seems like it would be a clear improvement over the current situation and make this more worthwhile to announce as a feature. --[[User:Toshio|abadger1999]] 19:08, 20 November 2009 (UTC) | ||
** Not clear to me how you could do this in a way that actually adds security, at least not without introducing considerable complications that go well beyond TXT records. Also, if you read the referenced xdg-hostname documentation, you'll find that one of the ideas behind display hostnames is exactly to allow replacing the physical machine, while keeping the appearance in the UI the same (since the new machine performs the same function).--[[User:Mclasen|mclasen]] 21:00, 6 December 2009 (UTC) | ** Not clear to me how you could do this in a way that actually adds security, at least not without introducing considerable complications that go well beyond TXT records. Also, if you read the referenced xdg-hostname documentation, you'll find that one of the ideas behind display hostnames is exactly to allow replacing the physical machine, while keeping the appearance in the UI the same (since the new machine performs the same function).--[[User:Mclasen|mclasen]] 21:00, 6 December 2009 (UTC) | ||
*** It's not clear from the documentation on the different pages what exactly this does and what it does not do. In some places it's stated that the typical implementation would be a local mapping between Better Hostnames and machines but in other places, for instance the David's Kitchen Files example, it seems that the Better Hostnames are being propagated out onto the network from the machine that is providing the service. If the latter is the case, then I want to know what the security implications are versus the benefit. ie: It allows anyone to replace David's Kitchen Files with another machine. This is good when that computer breaks and David replaces it transparently to the user. It is bad when someone hops on David's wireless network and substitutes their machine for his and people save sensitive information onto it. --[[User:Toshio|abadger1999]] 18:33, 14 December 2009 (UTC) | |||
* This feature is confusing to me, (judging from today's FESCo meeting transcript, I'm not the only one). I suggest not using the term "Hostname" at all. Windows uses the term "Computer Description", and that sounds similar to what's being described here. --[[User:Ktdreyer|Ktdreyer]] 19:54, 20 November 2009 (UTC) | * This feature is confusing to me, (judging from today's FESCo meeting transcript, I'm not the only one). I suggest not using the term "Hostname" at all. Windows uses the term "Computer Description", and that sounds similar to what's being described here. --[[User:Ktdreyer|Ktdreyer]] 19:54, 20 November 2009 (UTC) | ||
* It would be useful to have an overview of what is the underlying problem xdg-hostname wants to solve. It seem like there are a few assumptions in the proposal that requires validation. Pretty names look nice and all, but hostnames have security related problems. For example trusting Avahi advertized hostnames is an inherent security risk, that's why corporate workstations have avahi completely disabled. I also agree with Ktdreyer that if the point of this xdg-hostname is to just provide a pretty name then xdg-hostname is a bad choice for it. It should be xdg-pretty-machine-nmae or something like that. --[[User:Simo|simo]] 20:25, 20 November 2009 (UTC) | * It would be useful to have an overview of what is the underlying problem xdg-hostname wants to solve. It seem like there are a few assumptions in the proposal that requires validation. Pretty names look nice and all, but hostnames have security related problems. For example trusting Avahi advertized hostnames is an inherent security risk, that's why corporate workstations have avahi completely disabled. I also agree with Ktdreyer that if the point of this xdg-hostname is to just provide a pretty name then xdg-hostname is a bad choice for it. It should be xdg-pretty-machine-nmae or something like that. --[[User:Simo|simo]] 20:25, 20 November 2009 (UTC) |
Latest revision as of 18:33, 14 December 2009
- What about KIO support? And in things like KDM? This calls itself "xdg", but sounds very much GNOME-specific to me. --Kkofler 23:25, 19 November 2009 (UTC)
- It's a D-Bus service, so anything you would want in KDE might use it. --Hadess 00:59, 20 November 2009 (UTC)
- To answer Kevin's question, the GIO api that is mentioned in the feature page is a convenience api so that not every consumer of this needs to talk the dbus api itself. It is really just extending the already-existing g_get_hostname() to cover this. --mclasen 14:41, 23 November 2009 (UTC)
- But did this get some buyin from KDE or any other non-GNOME desktop environment before calling itself cross-desktop? Or is this just "cross-desktop" as in "any desktop could use this, but we don't care if they actually do use it"? --Kkofler 08:24, 5 December 2009 (UTC)
- If the xdg in the name is an unsurmountable hurdle for you, I'd be happy to rename it.--mclasen 20:51, 6 December 2009 (UTC)
- But did this get some buyin from KDE or any other non-GNOME desktop environment before calling itself cross-desktop? Or is this just "cross-desktop" as in "any desktop could use this, but we don't care if they actually do use it"? --Kkofler 08:24, 5 December 2009 (UTC)
- Would adding a per machine signature in there be good? The front ends coded to consume the data don't have to use it if they don't want to clutter their UI but it would let a UI that wanted to inform the user that the machine claiming to be "Secure Corporate Storage" is no longer the same. That seems like it would be a clear improvement over the current situation and make this more worthwhile to announce as a feature. --abadger1999 19:08, 20 November 2009 (UTC)
- Not clear to me how you could do this in a way that actually adds security, at least not without introducing considerable complications that go well beyond TXT records. Also, if you read the referenced xdg-hostname documentation, you'll find that one of the ideas behind display hostnames is exactly to allow replacing the physical machine, while keeping the appearance in the UI the same (since the new machine performs the same function).--mclasen 21:00, 6 December 2009 (UTC)
- It's not clear from the documentation on the different pages what exactly this does and what it does not do. In some places it's stated that the typical implementation would be a local mapping between Better Hostnames and machines but in other places, for instance the David's Kitchen Files example, it seems that the Better Hostnames are being propagated out onto the network from the machine that is providing the service. If the latter is the case, then I want to know what the security implications are versus the benefit. ie: It allows anyone to replace David's Kitchen Files with another machine. This is good when that computer breaks and David replaces it transparently to the user. It is bad when someone hops on David's wireless network and substitutes their machine for his and people save sensitive information onto it. --abadger1999 18:33, 14 December 2009 (UTC)
- Not clear to me how you could do this in a way that actually adds security, at least not without introducing considerable complications that go well beyond TXT records. Also, if you read the referenced xdg-hostname documentation, you'll find that one of the ideas behind display hostnames is exactly to allow replacing the physical machine, while keeping the appearance in the UI the same (since the new machine performs the same function).--mclasen 21:00, 6 December 2009 (UTC)
- This feature is confusing to me, (judging from today's FESCo meeting transcript, I'm not the only one). I suggest not using the term "Hostname" at all. Windows uses the term "Computer Description", and that sounds similar to what's being described here. --Ktdreyer 19:54, 20 November 2009 (UTC)
- It would be useful to have an overview of what is the underlying problem xdg-hostname wants to solve. It seem like there are a few assumptions in the proposal that requires validation. Pretty names look nice and all, but hostnames have security related problems. For example trusting Avahi advertized hostnames is an inherent security risk, that's why corporate workstations have avahi completely disabled. I also agree with Ktdreyer that if the point of this xdg-hostname is to just provide a pretty name then xdg-hostname is a bad choice for it. It should be xdg-pretty-machine-nmae or something like that. --simo 20:25, 20 November 2009 (UTC)