[sugar] secure /tmp and /var/tmp

Marco Pesenti Gritti mpgritti at gmail.com
Thu Nov 8 12:09:38 EST 2007


On Nov 8, 2007 5:20 PM, Ivan Krstić <krstic at solarsail.hcs.harvard.edu> wrote:
> Bitfrost is not a general Linux distribution security mechanism.
> Sugar is not a general Linux desktop environment. These things are
> designed with different goals in mind, for a different purpose, and
> behave differently than the things you're used to. You can argue that
> our designs are wrong and the behaviors broken, but even that's for
> the most part orthogonal to the argument that the designs should be
> such that everything old continues to magically work. Backwards
> compatibility, quite simply, was not an OLPC design goal, and while I
> am happy to not deviate from old behavior superfluously, I also have
> an interest in doing the right thing for the new platform, especially
> when dealing with ambiguity. At the moment, I regard the /tmp
> situation as ambiguous and misleading.

+1.

On the Sugar side we asked our UI design team to come up with a
completely new design. If the goal was compatibility we should have
started from the existing (the GNOME desktop, for example) and evolved
it gradually towards our vision.

We have reused existing libraries as much as possible (gtk, cairo,
matchbox, mozilla, telepathy just to cite a few) which is essential to
be able to base our activities on existing software. Write, Browse,
Read, and the whole collaboration support, are the proof of how well
this worked in practice. With very little Python code we have achieved
both integration with the system and reuse of existing code.

Though application backwards compatibility just doesn't make sense in
this context. We consciously broke it with the high level design, both
of the user experience and of the security framework.

Marco

