Le 12.12.2014 13:14, Andrei POPESCU a écrit :
On Vi, 12 dec 14, 11:35:03, berenger.morel@neutralite.org wrote:So, you have to choose between:_ having a daemon running everytime, and an application which needs to listen at it's socket everytime (I guess it's how dbus works? If someone have any clue about this part of internal, I would be happy to learn), but which have a more flexible way to send messages (not tied to a protocol? I'm not that sure, but I suppose it can at least support non-standard messages), which is something I do not like: if the daemon crash, for a reason or another, or is exposed to a security issue, it's all applications using itwhich are in danger.In my very humble opinion (I'm not a programmer), applications should probably treat the message bus similar to network access: - if not available handle it gracefully - treat everything that comes from it as potentially dangerous
But, if dbus crashed, applications using it would not be able to discuss anymore. It could surprise users enough to make them say: hey, my computer is broken.
About security, well... I do not trust enough programmers (I include myself here) to be confident saying that things are always made with care when what we are writing have an input.
The authors claim otherwise.
I can write a software, and claim that it is perfect. It does not makes it true, right?
Now, if someone have used it somewhere else than on linux, then, fine, I'm wrong. Or, if the specific code is not messed in the generic code, it can be called portable, too.
I do not really want to take a look at it's source code, honestly, but it would be nice if I was wrong. Doing a quick search for less than a year old web pages containing dbus and bsd indicates lot of stuff about systemd, which is not the subject here, but this tends to imply that dbus is still usable on *BSD.
Good.
This might be interesting reading (though it seems slightly outdated tome):
Version 0.3. Clearly, it's completely outdated, current stable debian have 1.8. Versions under 1 are usually alpha versions, with tons of features lacking.