What to do with potential workflow-changing / breaking changes?

Martin Gräßlin mgraesslin at kde.org
Mon Feb 20 16:05:37 GMT 2017 

Am 2017-02-20 07:53, schrieb Luca Beltrame:
> Hello,
> 
> in recent days we have seen a few commits that change how applications 
> behave,
> such as copy-paste disabled in lock screen[1] and an attempt to block 
> GUI
> applications running as root[2] (also detailed in [3]).
> 
> These will (and have already, in fact) raised quite a bit of 
> controversy. Some
> people in openSUSE proposed a local revert of [1], but in the interest 
> of a
> good relationship between KDE and distributions I suggested to open a
> discussion here to prevent a) bad surprises upstream; and b) ensure a 
> proper
> discussion of the differing waypoints.

Personal opinion: the changes landed last week in the dev branches with 
releases planned for in about two to three months. If distributions 
consider reverting the changes now, we have a huge structural problem in 
the collaboration between upstream and downstream.

Considering a revert should be the last option to examine, not the 
first. I think this is extremely harmful to the collaboration as it's a 
slap in the face of the developers doing the change.

I think this also goes clearly against KDE's code of conduct to assume 
good faith and to be collaborative.

I really hope that this does not become the norm. A recent discussion 
about this made me almost leave because a distribution developer 
speaking for one famous distribution considered reverting a dependency 
change which fixed a bug. I was very close to leave everything, because 
of that behavior. Reverting changes is harming the relationship.

As it's now again two of my changes being "evil", I must say that I'm 
again pretty pissed. Not as much as with the xkbcommon case as I knew 
exactly that users will complain that I broke their workflow.

> 
> To the developers: for the future would it be possible to communicate 
> such
> things in advance?

If I would know what would be of interest to the distributions: sure. 
Both changes are no-brainers to me. I expected that distributions care 
about security and appreciate a hardening of the system.

Now some words about the changes.
The change in [1] is a security consideration based on a bug report we 
got. My initial thought was that this is minor and not needed, but we 
allow to see the password input and thus a not authorized user is able 
to access the user's clipboard. We want to provide privacy to our users. 
Thus I did the change in question. We can easily restore the clipboard 
content on close through klipper. All it needs is someone writing the 
code, I cannot as klipper doesn't work on Wayland. Code to monitor 
whether the screen unlocks is available in KWin. It's less than 100 
lines of code to put this all together. An interested dev should be able 
to set this up with less than half an hour work. Probably way better 
spent than the time we spend on this thread ;-)

I understand that [2] is controversal. But that is also how it works 
currently on Wayland. Out of the box it is not possible to run a gui app 
as root on Wayland, due to the socket being in XDG_RUNTIME_DIR.

So with all emotions taken away: this will break as soon we switch.

I see that my change triggered people talking about it: good, we can 
improve with polkit. If we would not have broken this "workflow" nothing 
would happen.

And we should also consider that we get constant complaints about "root 
does not pick up GUI settings", we had issues with root writing into 
users config dirs, etc. etc. Running gui apps as root is a damn stupid 
and insecure idea. Let's not wait for the exploits out in the wild. 
Let's fix before we stand there with pants down. Please note that I did 
this change to kate and kwrite, which have an adequate solution through 
sudoedit and not to dolphin. I think Qt should forbid running 
QGuiApplication as root in general, but I'm not going to push it. But 
where we have ways to do the same task without exposing a risk we should 
do.

Next to all the controversal comments I also got lot of comments like 
"wow, I never knew about sudoedit". So yes this has good things :-)

Cheers
Martin

More information about the Distributions mailing list