[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: merge sensible-browser in xdg-open AKA how to select the "best" browser

Hi,
I think we make clear our opinions, like they were clear on IRC; but
the reason I started this thread is to have *others* opinions.

On Sat, Aug 1, 2009 at 21:12, Bernhard R.
Link<brl@pcpool00.mathematik.uni-freiburg.de> wrote:
> * Sandro Tosi <morph@debian.org> [090801 20:22]:
>> x-o is just a glue around other too to try to identify the best
>> candidate to open a file/URL. So there are 2 options: or is so damn
>> wrong that it must be removed from the archive,
>
> I'm not claiming it is totally wrong. As I said I did not look at what
> it does. All I want to ask for: If you reinvent the wheel please make
> it at least round. Better learn from the wheels that were there before.
>
> It's really depressing to see the same security problems again and
> again and again.

Ok, so are you going to help x-o be a better tool and fix those
'depressing' problems?

>> or there must be a
>> stronger reasoning to not merge s-b in x-o (even more that x-o already
>> uses s-b) then *hypothetical* security problems.
>
> All I ask for is that you understand that you are about the change the
> relavant semantics of something security relevant, and act accordingly.

What? all I'm trying to do is say "hey man, if you need to open a url,
do it with x-o as you've done with x-b".

If a tool is using s-b, then even *now* calling x-o will do the right
thing (using the preferred browser or calling s-b itself).

If I want to open a URL, and I pass to x-o a file, then it's a user or
a programming error, that should be fixed. I don't see a security
problem here.

Any anyhow, I fail to see any single proposal from you about how to
actually *solve* this problem. My idea is to have just one single
program to open a URL, and x-o is superior from a users POV (because
it uses the preferred application not the one via alternatives, so
decided by the maintainers).

If you want to help out with this, you're welcome, but just criticize
without proposing anything in opposition is quite pointless IMHO:

- I see x-o being better for users, and since it already uses s-b (and
both they do the same thing) so merging in one is nice to have
- you say x-o is dangerous but then you say it's not that a problem
(no bug report, for example)
- you think that if I want to open a URL and I pass a file it's a fail of a tool
- I proposed to have a reinforcing option (or a symlink s-b -> x-o for
example, so x-o can check $0 and act upon) to make x-o only trying to
open a url with the parameter given (of course, if the maintainer
accepts this)
- it seems you don't want to help in making the tool better or improve
the situation, but just shooting at me.

Cheers,
-- 
Sandro Tosi (aka morph, morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi
Reply to: