© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
libosso review:
- should not be a native package
- libosso-test is empty
- libosso-dev ships the same html files as -doc, they should be removed
- What is the motivation for the separate libosso-dbus-conf package? the description does not say much about the purpose, and none of the binaries ship any dbus service.
- the system bus policy currently says "allow all operations for all users on all backends", which is not acceptable for a package in main (since this opens a huge security hole if someone installs this on an Ubuntu desktop system).
- The session bus policy has the same problem, it allows all users to connect to all other user's session buses. That might not be a problem on mobile devices, but if they get multiuser support, or run some privilege separation (e. g. between browser and local apps), then this should be restricted sensibly, too.