On Sun, Dec 18, 2005 at 03:49:32AM -0500, Daniel Kahn Gillmor wrote:
[...snip...]
>
>
> inkscape 0.43 has collaborative, networked editing via XMPP built-in,
> with the Inkboard project. More info is available about it in
> /usr/share/doc/inkscape/NEWS.gz
>
> The attached patch seems to enable this feature for the debian package.
>
> However, upstream does say that there are known bugs in inkboard, and
> of course opening any complicated desktop package to networked input
> is a bit scary from a security point of view. These concerns should
> be considered as well.
I know the efforts around inkboard quite well and I thought about
including the option in the debian package. But since there are some
bug (besides security risks) which are being worked on, I decided not to
enable this feature and wait for the next release when it has matured a
little.
> Mitigating the security concern somewhat is that it looks like you
> need to explicitly connect to an XMPP server for any of the
> connectivity to be activated, so users who stay unconnected are
> proabably not in any increased risk.
>
> Thanks for maintaining this package,
>
> --dkg
Hi Daniel,
Thanks for you reports.
On Sun, Dec 18, 2005 at 03:49:32AM -0500, Daniel Kahn Gillmor wrote: doc/inkscape/ NEWS.gz
[...snip...]
>
>
> inkscape 0.43 has collaborative, networked editing via XMPP built-in,
> with the Inkboard project. More info is available about it in
> /usr/share/
>
> The attached patch seems to enable this feature for the debian package.
>
> However, upstream does say that there are known bugs in inkboard, and
> of course opening any complicated desktop package to networked input
> is a bit scary from a security point of view. These concerns should
> be considered as well.
I know the efforts around inkboard quite well and I thought about
including the option in the debian package. But since there are some
bug (besides security risks) which are being worked on, I decided not to
enable this feature and wait for the next release when it has matured a
little.
> Mitigating the security concern somewhat is that it looks like you
> need to explicitly connect to an XMPP server for any of the
> connectivity to be activated, so users who stay unconnected are
> proabably not in any increased risk.
>
> Thanks for maintaining this package,
>
> --dkg
[...snip...]
Thanks,
Wolfi