Re: Debian and fingerprint readers
On Fri, Mar 5, 2021 at 11:57 am, Philip Hands <firstname.lastname@example.org> wrote:
Wouter Verhelst <email@example.com> writes:
On Thu, Mar 04, 2021 at 05:57:15PM -0500, Sam Hartman wrote:
The parts of Debian that are trying to do that are some of the
environments. So, I'd approach the maintainers of Gnome and KDE
see if they are interested in recommending this functionality.
It could also be added to the laptop task, which would mean it
installed by default on all laptops that are installed with
Alternatively, d-i has some hardware detection functionality, to
the correct drivers for hardware that is found. One could add
for supported fingerprint readers to the hardware detection in d-i,
then install the necessary packages.
The hard part, however, is configuring all this so it works
out of the box, also for users who don't want to use it.
For users that don't want to use it, I'd suggest that the only correct
answer is for them to never have had the software on their computer at
any point, given that it's security sensitive software, and any bugs
well have the potential to hurt.
I presume if one installs this software, that even when the screen is
locked, when someone swipes a finger (or a specifically crafted toxic
pattern for that matter) on the reader, that something will be
to run that would not have been run if it were not installed.
That seems like an increase in attack surface to me, that we should
lightly inflict on unsuspecting users just because *shiny finger
I'd expect that people that want their fingerprint scanners to be in
are mostly aware of that fact, so as long as we make the optional
packages easily installable, that seems completely sufficient to me.
From an earlier reply of Mark,
"It's just a case of needing the libfprint and fprintd packages
and then under settings->user you can start registering your prints."
So I think there is still a manual step required before this is active.