
Bug#975951: libreoffice tries to access files of firefox profiles (AppArmor)



Rene Engelhard wrote on Fri 27 Nov, 16:48 (+0100):
> Hi,

Hi,

> > Package: libreoffice
> 
> No, libreoffice does not contain anything except dependencies. Do you mean libreoffice-core?

I don't know which package contains this functionality. And it shouldn't
matter. I file a bug report to a *project* and I really don't know which
component implements what. That's a question how the project organizes the
internal structure and I'm not a developer.

> Sorry, that it hits you, but why can't people just file against the
> correct package? "libreoffice" clearly says it's a dummy package.

I think the problem comes from the different views: as a user I see a
problem and want to report it. I also could have addressed the bug to
libreoffice-writer, because I saw it there. But the only thing I wanted to
tell is, that I've seen something that relates to the project. As long as
it reaches the project that's fine. It's not lost like all these bugs
someone observes and rants about, but doesn't tell the project about it.

You might view a bug report as an incident in a component and would like
to organize all bug reports.

So, I think, it's more a problem of the bug tracker that sets the bar so
high to “know the right package”, “know the right severity” and so on.
From a user's point of view you don't know how a project organizes its bug
reports.

> > Severity: normal
> 
> Sigh.

That's why I keep the severity on normal. I'm not in the position to rate
the bug. And you know, there are enough fights about the right severity
“normal vs. wish”.

I'm using so many projects and if I see something and would like to tell
them about it, it should be easy to. Otherwise I drop it.

And I'm sorry, now, but my impression is, it's better not to send bug
reports to the libreoffice package.

> How it is a bug when LO does what it's supposed to do in case people want to
> sign their documents (with S/MIME, gpg is something else) *and which is
> documented*?

I didn't touch anything that had to do with signing. I've got a document
as a mail attachment and hit enter. I use LibreOffice four or five times
per year. I don't know about all the features of LibreOffice.

> That's what it is for. Signing documents with S/MIME.
> 
> > I'm seeing many entries like these in my log:
> 
> If you look at your logs (which is good) I would also expect you being
> able to do a basic research (see above) instead of filing a "bug" which
> then will linger around until eternity :-(

To be fair I don't look at my logs. I'm no other than an ordinary user.
But I get AppArmor messages via mail. That's why I've spotted this (and
other) problems.

> > operation="open" profile="libreoffice-soffice" name="/home/joerg/.mozilla/firefox/aelzkv52.dev/cert9.db" pid=486621 comm="soffice.bin" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
> > operation="file_lock" profile="libreoffice-soffice" name="/home/joerg/.mozilla/firefox/aelzkv52.dev/cert9.db" pid=486621 comm="soffice.bin" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
> 
> Access to the Mozilla profile is completely expected in how it's

Yes, that's what you expect, but a) the AppArmor rules expect something
else and b) from a generic point of view, I as a software developer
wouldn't expect any project accessing the internal files of another
project. This makes any change very difficult, because you have to
consider all possible external users if you touch anything. That's
horrible.

> (The apparmor profiles allow "r", not "w". (Have to lookup what "c" is.)
> which is correct since

c is create and handled by w(rite).

> Key *management* is something LO should not do and cannot do anyway. (same with gpg)

Yes, indeed. Why doesn't it use helper tools like openssl? I'm using
neomutt and it manages PGP and S/MIME signing, encryption and verification
by using gpg and openssl. Neomutt doesn't provide these features by itself.
It requests the tools for it.

> I guess I need to check whether signing works when the profile is in
> enforcing again...

At least, I can tell (but this is another problem) LibreOffice crashes
with gpg using tofu.

apparmor="DENIED" operation="open" profile="libreoffice-soffice//gpg" name="/home/joerg/.gnupg/tofu.db" pid=708430 comm="gpg" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000

If you don't care about it drop this. I've fixed it for me, so it doesn't
bother me any more.

> > LibreOffice tries to access the key storage of Firefox, which is really
> > strange.
> 
> No, it isn't.

From the point of view how LibreOffice looks at this problem. But from a
generic point of view you want to have separation of domains. That's why
no process can access the memory of another process and so on. That's all
about encapsulation. And if two projects share something in common they
should place it outside of *both* projects.

> > Isn't it possible to use the keys in /etc/ssl?
> 
> a) as said it uses nss instead of the "standard" openssl, and has to use
>    what nss expects
> b) how are you going to add signing certificates as user to /etc/ssl without
>    being root?

… by using a private key store. So, you are telling me it's difficult,
impossible and so on … and at the same time, I'm sitting here in front of
neomutt and it tells me there's no problem. Why can a project with only
one developer solve a problem that a project with multiple developers
can't?

Regards Jörg

-- 
"The future is here. It's just not widely distributed yet."
                                       (William Gibson)
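
To triage denials like the three quoted in this message, the audit lines can be grouped by profile and path, with the audit-only mask letter "c" folded into "w" as the reply explains. This is an added example, not part of the original message or of any Debian or LibreOffice tooling; the function names are made up for illustration, and the mask table is an assumption based on AppArmor's usual audit letters.

```python
import re
from collections import defaultdict

# Denials copied from the message above (the first two appear there without
# a leading apparmor="DENIED" field).
SAMPLE = [
    'operation="open" profile="libreoffice-soffice" name="/home/joerg/.mozilla/firefox/aelzkv52.dev/cert9.db" pid=486621 comm="soffice.bin" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000',
    'operation="file_lock" profile="libreoffice-soffice" name="/home/joerg/.mozilla/firefox/aelzkv52.dev/cert9.db" pid=486621 comm="soffice.bin" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000',
    'apparmor="DENIED" operation="open" profile="libreoffice-soffice//gpg" name="/home/joerg/.gnupg/tofu.db" pid=708430 comm="gpg" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000',
]

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Audit-log mask letters mapped to the letter a profile rule uses (assumed table).
# "c" (create) and "d" (delete) have no rule letter of their own: "w" covers them.
AUDIT_TO_RULE = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                 "k": "k", "l": "l", "m": "m", "x": "x"}


def parse_fields(line):
    """Split one audit line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def rule_perms(mask):
    """Translate a denied_mask such as "wc" into profile rule letters ("w")."""
    return "".join(sorted({AUDIT_TO_RULE.get(ch, ch) for ch in mask}))


def summarize(lines):
    """Group file denials by (profile, path) and merge the denied permissions."""
    seen = defaultdict(set)
    for line in lines:
        fields = parse_fields(line)
        if "denied_mask" not in fields or "name" not in fields:
            continue  # not a file-access denial
        key = (fields.get("profile", "?"), fields["name"])
        seen[key].update(rule_perms(fields["denied_mask"]))
    return {key: "".join(sorted(perms)) for key, perms in seen.items()}


if __name__ == "__main__":
    for (profile, path), perms in summarize(SAMPLE).items():
        print(f"{profile}: {path} denied {perms}")
```

The summary separates the `libreoffice-soffice` denials on `cert9.db` from the `libreoffice-soffice//gpg` child-profile denial on `tofu.db`, which are two different questions for whoever reviews the profile.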
