[sane-devel] Sandboxing scanner applications

Bastien Nocera hadess at hadess.net
Sat Sep 19 20:58:58 BST 2020

On Sat, 2020-09-19 at 18:01 +0200, Jörn-Ingo Weigert wrote:
> Thanks for your opinion Bastien, please acknowledge mine too.
> I don't see any sense to sandbox all and everything, just because you
> can.
> Better to fix problems and security issues, here related to Sane,
> than just sandboxing it and hope, that sandboxing works... and that's
> what sandboxing is about: running unchecked and therefore potentially
> malicious software on a system.

It's like saying drivers will start ramming their cars into one another
because they wear seatbelts.

I'm curious though, what part of the SANE project do you contribute to?
Do you have any expertise writing code that could be sandboxed, whether
through systemd's lockdown, or Snap or Flatpak sandboxing?

> That doesn't mean, that the idea of a general, unified access over d-
> bus to scanners may not be something to be developed.
> Bastien Nocera <hadess at hadess.net> schrieb am Sa., 19. Sep. 2020,
> 16:32:
> > On Sat, 2020-09-19 at 14:03 +0200, Jörn-Ingo Weigert wrote:
> > > Sandboxing is the loosing sign of developers who can't fix things
> > and
> > > don't know their product. 
> > 
> > You really don't have to send emails to the list if that's going to
> > be
> > your level of discourse.
> > 

More information about the sane-devel mailing list