synaptic on 17.10

Colin Watson cjwatson at ubuntu.com
Fri Feb 2 11:27:59 UTC 2018 

On Fri, Feb 02, 2018 at 11:46:48AM +0100, Liam Proven wrote:
> On 2 February 2018 at 10:43, Colin Watson <cjwatson at ubuntu.com> wrote:
> > Regardless of how you want to paraphrase, if the author hadn't accepted
> > it as a bug, he'd have closed it.  He didn't.
> [...]
> > That's a pretty slanted paraphrasing.  Anyway, software development
> > often involves accepting reality and the need to keep up with changes
> > elsewhere.  The King Cnut approach is rarely productive.
> 
> To para 2:
> 
> *Open-mouthed in astonishment*
> 
> I can't see how _else_ anyone can interpret it, TBH.

Michael is saying that he doesn't have time for it right now, but is
happy to mentor somebody else doing the work.  That's a pretty common
response to things you accept are bugs but that will take more time than
you have available at the moment.

Perhaps it's just my idiolect, but your paraphrasing sounded much more
like "it's too much work [so I'm ruling it out of scope for this
project]".

> To para 1:
> 
> Like a lot of FOSS, AFAIK, he's a volunteer doing it because he wants
> to. A new environment he didn't pick or want breaks his app, but it
> still works fine on the one it was written for. Why should he do all
> this work?

You seem pretty determined to put an "all Wayland's fault"
interpretation on this, but this is a very different tone from the one
that the maintainer actually took on the bug report.  Michael isn't
saying "why should I do this?" (and I don't think he needs people to say
that for him), but rather "sorry, I have too much else on my plate right
now".  Readers can judge for themselves, I suppose.

Also, once again, it's revisionist history to claim that this is all
Wayland's fault and that everything was just fine in X.  Yes, there is a
long history of running X clients as root, but there's a long history of
all sorts of things that have turned out to be a bad idea as the study
of computer security has evolved.  Running the whole of an X client as
root rather than designing a properly-targeted
principle-of-least-privilege interface to do just what you need as root
is asking for terrible bugs, partly because the state of X security
means that any other client can trivially inject input events and so
forth, and partly because toolkits typically aren't designed with the
expectation of running as root (so you get things like
https://bugzilla.gnome.org/show_bug.cgi?id=758131 - fixable, of course,
but far too easy to get wrong).

It's a judgement call whether it's a good idea for Wayland to enforce
this after many years of developers having been told that it's a bad
idea to design X-based applications that need to be run as root (as I
said earlier, I remember this from over a decade ago, so it's not a new
thing).  I think on the whole I tend to agree with the position that if
this isn't enforced then nobody's ever going to get round to fixing
things, but I can see the contrary position too.  But the position that
it isn't even a bug at all to design an X application this way isn't one
I've heard anyone take in quite some time; yes, reorganising an existing
program can be somewhat arduous, but IME the relevant developers
generally accept that it needs to be done sooner or later even if they
don't schedule it very urgently.

-- 
Colin Watson                                       [cjwatson at ubuntu.com]

More information about the ubuntu-users mailing list