[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Plash] Plash 1.18 released
|
From: |
Mark Seaborn |
|
Subject: |
[Plash] Plash 1.18 released |
|
Date: |
Tue, 05 Jun 2007 00:32:03 +0100 (BST) |
Plash 1.18 is now available.
Packages are available for Ubuntu Edgy Eft and Ubuntu Feisty Fawn.
Add one of the following lines to your /etc/apt/sources.list file:
deb http://plash.beasts.org/packages ubuntu-edgy/
deb http://plash.beasts.org/packages ubuntu-feisty/
See <http://plash.beasts.org/wiki/DownloadPackages>. (Note that the
form of these sources.list lines has changed slightly from the last
release.)
The major new feature is the packaging system, for running programs
from Debian packages in sandboxes. This is able to run a number of
programs such as Firefox and Evince. See
<http://plash.beasts.org/wiki/PackageTools>.
This first version of the package system has some shortcomings:
* It doesn't check GPG signatures on Debian repositories.
* There is no way to grant extra authority besides the powerbox, and
no way to save authority across sessions.
* No GUI for installing applications.
* Uses curl to fetch files and doesn't catch 404 errors properly.
* The package tools are not themselves sandboxed. A Packages.gz file
may be able to use ".." in filenames to escape the sandbox (although
programs in the .debs cannot).
This is something of a stopgap release in terms of the package system.
A priority for the next version is to add a persistence system. This
will provide a way of granting authority across sessions, and it will
provide a way to configure the package system including specifying GPG
keys.
This is the first release to be documented through the wiki. Bugs are
tracked on the wiki, new features tracked through story pages, and the
RoadMap page sketches out plans for future changes.
This release addresses a major security issue: granting access to the
terminal (see http://plash.beasts.org/wiki/PlashIssues/TtyVulnerability).
pola-run now proxies access to the terminal. This has been
implemented in Python, and as a consequence the package has switched
to installing the Python implementation of pola-run instead of the C
implementation. pola-shell has been dropped from the .deb for this
release. The plan is to add it back when it is rewritten in Python.
Minor new feature: The options --tmp/--tmpdir have been added to
pola-run, partly to address
<http://plash.beasts.org/wiki/PlashIssues/HardLinkVulnerability>. See
<http://plash.beasts.org/wiki/Story8>.
Testing: The test suite is much expanded, with new unit tests being
written in Python. Previously tests were written in Perl and closer
to functional/integration tests in scope.
Issues fixed:
* http://plash.beasts.org/wiki/PlashIssues/DomainSocketAbstractNamespace
* http://plash.beasts.org/wiki/PlashIssues/ReadlinkBroken
* http://plash.beasts.org/wiki/PlashIssues/CowDirRenameBroken
* http://plash.beasts.org/wiki/PlashIssues/PolaRunHangs
* http://plash.beasts.org/wiki/PlashIssues/PowerboxWithEvince
In particular one issue still remains:
* http://plash.beasts.org/wiki/PlashIssues/ConnectRaceCondition
Mark
- [Plash] Plash 1.18 released,
Mark Seaborn <=