Web lists-archives.com

Re: 'synaptic' removed from buster

On Thu 11 Apr 2019 at 20:55:20 (+0200), Nazar Zhuk wrote:
> On 4/10/19 10:10 PM, David Wright wrote:
> > On Thu 11 Apr 2019 at 00:34:04 (+0200), Nazar Zhuk wrote:
> > > On 4/10/19 10:58 AM, David Wright wrote:
> > > > On Sat 06 Apr 2019 at 08:42:31 (+0100), Jonathan Dowland wrote:
> > > > > On Fri, Apr 05, 2019 at 09:39:23PM -0500, David Wright wrote:
> > > 
> > > > > > Given a straight toss-up though, I think synaptic has to give way because
> > > > > > there are plenty of alternatives. I'd never heard of it until a few people
> > > > > > started mentioning it here, and I'd never consider using it myself on X except
> > > > > > as an ordinary user.
> > > > > 
> > > > > The severity of the bug in synaptic (which is what has caused its autoremoval)
> > > > > would not be "serious" if the default desktop was not Wayland. So changing
> > > > > *that*, would mean synaptic could be reintroduced.
> > > > 
> > > > So Debian should have its policy dictated by bugs in an unrelated
> > > > package. Seems an odd strategy.
> > > 
> > > If a change (Wayland default) is introducing issues to a stable (in a
> > > generic sense) system, shouldn't the change be postponed until the
> > > issues are resolved? Perhaps with the help from the change proponents.
> > 
> > I don't think it's an issue that'll be resolved in the direction you
> > intend. It's the enforcement of a security model that has guided most
> > of us for years: not running GUI applications as root.
> In all of history of UNIX and Linux, root means root. You know what
> you are doing and accept the risks. rm -rf /, vim or wget under root
> are dangerous too.

The first of these examples is only dangerous if you type it into
root's commandline. Once you've pressed <Return>, it's suicidal.

The others are why I've never run, say, emacs or mc as root. I've
always used nano (from potato, ae until then) and core utilities.

> And Wayland doesn't actually change that, since nothing can, root is
> still root. You can do:
>   xhost +SI:localuser:root
> and run whatever you want as root. This is exactly what the latest
> gparted does [1].
> So this "security model" boils down to an annoyance.
> [1] https://gitlab.gnome.org/GNOME/gparted/blob/master/gparted.in#L70

Of course it does. Dealing with security is annoying. People lock
their doors, install alarms, can't cut their food on aeroplanes,
can't drink in sports venues.

On linux, you can cut all that out at a stroke, just use root. That's
what many windows users do, they just run as administrator all the
time. And taking those risks is unacceptable here.

> > The normal way of circumventing this is to have a non-GUI program that
> > performs all the work running as root, with a connection to a GUI
> > client program that runs as the user/administrator.
> Yes, that is the Wayland way. And it's now Wayland way or no way for
> all, not just Wayland users.

That's not the "Wayland way"—it's always been the way. Why? Because it
dramatically cuts the amount of security auditing that needs doing.
If you run graphical toolkits as root, you introduce huge amounts of
vulnerable code into the audit. (Look at gparted's dependencies.)

> > ... for synaptic, it might be written in such a
> > way that you can get the resolver to run with your friendly interface
> > as an ordinary user, and then use apt-get, say, to install the list
> > of packages that synaptic has come up with. ...
> Or just wrap it with a shell script that adds/removes root with xhost
> like gparted does, unless somebody has a compelling desire to
> *implement* (as opposed to force someone else to implement) "Wayland
> way".
> I tested this and it works like a charm.

Of course it does. But cross your fingers and cling to your lucky charm
while you're doing so.

> These are the things that should be considered and resolved when
> making a breaking change (Wayland default).

Yes, they have been considered, and found wanting. That's my point.
That's why lots of people laboured to make X run as a user process,
for example. Sensible people prefer not to move backwards.