[sane-devel] Sandboxing scanner applications
Jörn-Ingo Weigert
jiweigert at gmail.com
Thu Sep 17 16:31:06 BST 2020
Be patient, not every developer lives in the same time zone or check the
mailing list frequently, like you or me. They are all doing their work for
free.
I'm sure other developers will jump in too and have helpful Tipps & critics.
Kind regards.
Jörn-Ingo Weigert
Bastien Nocera <hadess at hadess.net> schrieb am Do., 17. Sep. 2020, 17:23:
> On Thu, 2020-09-17 at 16:55 +0200, Jörn-Ingo Weigert wrote:
> > Got it.
>
> Any comments about the questions in my original mail? (dependencies,
> whether to create a new project, or build it in sane-backends/sane-
> frontends)
>
> > Bastien Nocera <hadess at hadess.net> schrieb am Do., 17. Sep. 2020,
> > 16:04:
> > > On Thu, 2020-09-17 at 15:38 +0200, Jörn-Ingo Weigert wrote:
> > > > Hi Bastian,nice idea. As SANE is already network capable to
> > > provide
> > > > connected scanners to the network,
> > > > (simply a network device) it make not really sense, to provide
> > > > sane(d) via Flatpak in my eyes.
> > >
> > > I have no plans on running saned inside the sandbox. It's about
> > > running
> > > a server on the outside of the sandbox, talking to the real
> > > hardware,
> > > so that applications don't need direct hardware access.
> > >
> > > > however, having SANE-based applications like XSane/ scan-image as
> > > > Flatpak version, maybe a nice idea.
> > >
> > > Most of them are blocking on having a scanner portal, which is what
> > > this is about. For example:
> > > https://github.com/flathub/flathub/pull/1111
> > >
> > > And paperwork needs access to all the devices, and ship its own
> > > sane-
> > > backends, which means it only works with the scanners supported by
> > > sane-backends:
> > > https://github.com/flathub/work.openpaper.Paperwork
> > >
> > > > But for this you don't need to modify saned. ...
> > >
> > > You need to, if you don't want saned listening on the network,
> > > being
> > > auto-activatable, and being able to add a portal/proxy in between
> > > so
> > > that scanner access is a changeable permission.
> > >
> > > We can't easily filter network calls, and most scanner apps don't
> > > need
> > > network access, so giving them network access opens the sandbox for
> > > no
> > > good reason.
> > >
> > > > Or do I miss here something?
> > >
> > >
> > >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/sane-devel/attachments/20200917/211286bc/attachment-0001.html>
More information about the sane-devel
mailing list