From X2Go-ML-1@baur-itcs.de Sun Dec 14 23:38:14 2014 Received: (at submit) by bugs.x2go.org; 14 Dec 2014 22:38:16 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 X-Greylist: delayed 302 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Sun, 14 Dec 2014 23:38:14 CET Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id A14035DB1C for ; Sun, 14 Dec 2014 23:38:14 +0100 (CET) Received: from [192.168.0.3] ([188.105.123.110]) by mrelayeu.kundenserver.de (mreue103) with ESMTPSA (Nemesis) id 0M4Bbn-1Xica4447X-00rsjN; Sun, 14 Dec 2014 23:33:12 +0100 Message-ID: <548E1038.9010807@baur-itcs.de> Date: Sun, 14 Dec 2014 23:33:28 +0100 From: Stefan Baur User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: submit@bugs.x2go.org CC: Michael DePaulo , Mike Gabriel Subject: We need to talk about, and document, which options are overridable in which way Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:jbdJby9rZ7vJGOpCEduMPzy5Dk/ygY5Z/eoP+pcj9AWu92wMtD2 dc1pY2fvEbGZccgfkBSGDgU8T/jBaIrQ7MuQIXZvCsccZdhpaSN20oCggDwlfJcCqiGRfbT sKJvBdgwBR3D008rVtqztX4CfQ50J4sypIHTXo50M6Gl5WQ/RGZNArbJ5UoBZh/2ffVazAk Tq4m7nW7jqTg7AGvgmf+Q== X-UI-Out-Filterresults: notjunk:1; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: x2goclient Hi, This was inspired by Mike#2's question on how to make microphone input configurable in X2GoClient. The real issue goes way deeper, IMO. Basically, we have three places where an option (not only the microphone input) could be set: 1) command line option 2) "forced" config from broker 3) sessions file (which may be on a read-only network share) a) We need to define an order of precedence for each option; also, how to deal with conflicting options. Example 1: For the microphone to be enabled, both the command line option as well as the sessions file/broker config should match. If the command line option says --mic=off, and the sessions file/broker config says "mic=on", then the mic should be *off*. Also, if the the sessions file/broker config says "mic=off", then the command line option should *not* be able to override that. Only if one side indicates that it doesn't care (by lacking the option), or if all sides agree, the microphone should be turned on. This is a security/privacy-related issue. Example 2: The sessions file or the broker may specify cinerama=off, and now the user attaches a second screen. So being able to pass a cinerama=on on the command line would be nice. Also, this has no security/privacy implications (as far as I can tell - but feel free to prove me wrong), so an agreement between all sides (command line vs. sessions file/broker) would not be neccessary, as long as we agree on an order of precedence and document that properly. b) The broker should be able to offer forced options as well as user-selectable options. Think of it like the Firefox preferences configuration: Admins may, e.g., force the use of a proxy using a "lockPref", but they can also set a default home page that still *can* be overriden by the user ("user_pref"). Similarly, the broker should be able to deliver a config (and the client should be able to parse it) that contains markers as to which settings are "locked" and which settings may still be changed by the user. Of course, this doesn't protect against "rogue" clients that have this feature disabled, so it's not a security measure, but it would allow an admin to, e.g., specify that sound is off by default, but the user may turn it on if so desired. Mike#1: Feel free to clone this bug for the broker part. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUjhA4AAoJEG7d9BjNvlEZHbgH/1jzw3GOkDuMVV83RfEVMTPi h+pYBcifUYF/XUG+rGmiTAwvlmoUzgDNlOkbMhfuWJTP9ZwEMtGu3b6mbjEq5af6 5xB5OThtfgryF4DepfoRDeqyVzfLEH7/l43aP8IH08OJVtkiumNSfPvCoflP+IrM dZzufEYdxPF1lazWInXb8cqtcGMB3pNGQSqenWTXDSYdh9hEK0quHv/8F23eo4gg Wgu3FZumBQ5ZsmKIuYzzUJARDK+d8Qf1iW79rm9sMy239gCIdRiJ5Deq3rnHPEcS 2a4/1YwstCTMt/bCBwnl4CwssexWBj1vN3emvFhmz8cgGOgs6FXj3BnRX8Pf/G4= =y3d1 -----END PGP SIGNATURE----- From X2Go-ML-1@baur-itcs.de Thu Jan 8 16:05:24 2015 Received: (at control) by bugs.x2go.org; 8 Jan 2015 15:05:24 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: * X-Spam-Status: No, score=1.8 required=5.0 tests=BAYES_20,MISSING_SUBJECT autolearn=no version=3.3.2 X-Greylist: delayed 301 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Thu, 08 Jan 2015 16:05:24 CET Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 27F845DB53 for ; Thu, 8 Jan 2015 16:05:24 +0100 (CET) Received: from [192.168.0.3] ([78.43.170.197]) by mrelayeu.kundenserver.de (mreue005) with ESMTPSA (Nemesis) id 0LdZfa-1XQa610922-00ihZI for ; Thu, 08 Jan 2015 16:00:23 +0100 Message-ID: <54AE9BC5.3090604@baur-itcs.de> Date: Thu, 08 Jan 2015 16:01:25 +0100 From: Stefan Baur User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: control@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:rqI/FHMLhQ5MZq2ElXqDlt7j2wMpM7/BQRXJ5V3zUgzAK5q08FH lG/3vDS0YvDECUkRaubMzIfs61BOVCkNdUkiEYjCl6e0mTJNBkgSsT2lxYvzbk/UUipgZPY QRyfnpb8MM8eN8BYqyAotbl6Sh+0pXxCfBfI0heEG385RhDAGq3WfzZUPQecI000AZbugwm HWkBiaz1kY1RESexBfQsw== X-UI-Out-Filterresults: notjunk:1; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 priority 701 wishlist thanks - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUrpvFAAoJEG7d9BjNvlEZFOEIAJDnwCfGEplSLXEpdbY9BfqW tpITqtPAlX4zpApTVGW6L4+OcOtUUYkXbTMXXiQHpM1+F4P/hPiLZ/0aBA69zIFJ /xm5ETJqco4XiIhqlZPzlwGxRQfD/FKkzIuQe8ZCqQw2sOun024Wis19/8LQPbys l2PoOfJs0fCIhYuEkdm/ffXT9Ge7yNBXVt4JqJdS5zY1NiQRRIGsrR+ZmHvPyQix QEj4qaetMJWsl7dgLHuHAHaf3tEt7m/EOgnjJ5iLFbyNmZYJ8K28dbYtxjCQ37+k ySpPmUUHw/4DzgV/Otf9/yPrlocVaQTnB/oLI8unYqHeX4jGjxQLJdwK0h/q7No= =d+1K -----END PGP SIGNATURE-----