On Fri, 2010-02-19 at 09:13 +0000, Beaky, The WACS Man wrote: > Andrew > > On Fri, 2010-02-19 at 13:59 +1300, Andrew McMillan wrote: > > Why would you want to restrict local users from reading files which are > > freely downloadable? > > Generally the act of downloading is a significant barrier to entry for > many people, particularly those who are not normally the "administrator" > of the system. I think the point I was missing here was that the documentation for the system is X-rated. You haven't said so, but I guess a nod's as good as a wink, eh? Perhaps some obscurity helps, and so you might want to write a lintian override for that - I guess it would slow my 12 year old down enough that he'd get distracted by something else, though I doubt it would stop him if he wanted to find it. > Not really my intention. Just trying to explain that our motivations > for working on the package are very much the same as for the rest of the > free software movement. I've found over the years that merely because > of the subject matter people seem to become suspicious of ulterior > motives when there really aren't any. That's OK. I don't doubt your motives, but I also don't expect you to find too much enthusiasm among this community. Still: you only really need to find one enthusiastic person, I guess. > I do see the permissions issue as one of the biggest. It's also what > lintian has the biggest problem with, and therefore the (technical) one > that is most likely to need consideration along the road to (hopefully) > acceptance. > > I'm really interested in other people's views on whether protecting the > system components in this way is a reasonable precaution to take or an > unacceptable restriction on the other user's rights. I can see both > arguments. Regardless of whether the content is X-Rated, my personal feeling is that protecting it from local users just because they *might* be underage is overdoing it. Such decisions are normally considered the right of the person administering the computer, and I'm not sure that should be any different in this case. What would be an acceptable compromise, perhaps, would be to install the files with normal permissions, but ask a debconf question during the installation, offering to apply a more restrictive umask. > I'm thinking about protecting the /usr/share/wacs/docs/ directory with > a .htaccess file that requires a username and password in the upcoming > 0.8.5 release. That would partially remove one potential path to > circumvention of the group permissions protection, but it would be hard > to tie that into all of the standard authentication rules for the > system. I'm not sure if it's worth doing or if it would create more > issues than it would resolve. Indeed, it seems like an approach that could be more hassle than it's worth. > Maybe guidance to users to simply not install the documentation packages > on "family" computers would be more appropriate. Of course that would > mean there are applications with no associated man pages installed on > the system.... For web applications it's not unusual that man pages aren't present, but I assume there are a bunch of command-line tools you're referring to here. Would it be possible also to split the documentation into two packages, so that the NSFW docs weren't included along with the man pages? Cheers, Andrew. ------------------------------------------------------------------------ andrew (AT) morphoss (DOT) com +64(272)DEBIAN You love peace. ------------------------------------------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part