"Sloane, Brandon" <bslo...@owlcyberdefense.com> writes: > I'm not sure how the pop-os/cosmic-comp PR is relevent. It seems to be about > exposing cosmic-comp as a library in general. While potentially useful, > several other compositors have been doing that for a while, and it doesn't > seem inform security decisions.
Yeah, I guess it's not explained very much on the PR — the idea is that the library interface will expose hooks that are designed to allow an application that's just a very small wrapper around the full compositor implementation in the library to take over certain things, such as in this case doing a permission check of its choice before telling the compositor whether to proceed with something — something always on my mind is controlling access to the clipboard, for example.
signature.asc
Description: PGP signature