X Window security. Wandered outside the hack lab to sip a drink and cool down. There I saw Keith Packard and Bdale Garbee. Quickly introduced myself to them both, then asked Keith what his take was on the recent OpenBSD complaints that X11 is insecure by design [1] [2]. Keith said he wasn't going to respond to those complaints, because DRI/DRM already provides what Theo de Raadt says he wants in the way of kernel control over dma and register access on video cards. Many X11 video drivers are not yet converted over to doing things the DRI/DRM way, and so Theo is correct that X11 has huge security holes. But they are not permanent; the future is already arriving. Although DRI/DRM is positioned as a 3d technology, it is intended that even 2d drivers in the future will conform themselves to its API. Keith also said that OpenBSD's representative on the X11 team is easy to work with and cooperates well with the team, so there is hope that if OpenBSD turns its attention to X11 support, everyone will soon benefit from the comprehensive security audit. Although the DRI/DRM design solves the security problems, it is a bitch to implement. Mode switching alone is so finicky and is so tied into both the video hardware and x11 server optimizations, that it has never successfully been implemented in the kernel. Keith said he supported the idea of isolating the mode switching code out into a small, privilege separated userland utility. There were many other things said, which sounded positive, but without the aid of a tape recorder, I can't remember them.
Putting packages out of main. Learnt a trick today,
courtesy of Phil Hands and Ralph Amissah. If you want to upload a package
into a part of the distribution other than main, you alter the
Section: field of the debian/control file in your
package. Suppose your package fits into the text section, because you use it
to process text. Maybe you reimplemented awk. If you put Section:
text the package will go into the text portion of the main repository.
If your version of awk depends on a library that is in the non-free section,
you would put it in the contrib section. So you would put this in your
debian/control file: Section: contrib/text and
Bob's your uncle.
Politics. I find myself doing vastly more politics at this conference than coding, although I am getting some of that done too. When people are deep inside their own worlds, it takes a lot of work to bridge between the worlds. So far it seems like time well invested.
Embedded. If anyone needs any embedded work done, Wookey is your guy. Send him an email with a proposal.