On Jun 30, 2006, at 1:08 AM, Troy Rollo wrote:
On Friday 30 June 2006 14:52, William Knop wrote:
Um hold on a second. Clearly many developers have different ideas about what's reasonable.
Actually I don't think that's true. As far as I can see all of the *developers* participating in this thread agreed that autorun (1) is a bad idea and should not be implemented, and (2) is on the other side of the demarcation line between Wine and the desktop environment.
I would be surprised if any significant number of developers disagreed with these two points. As for the first, it reflects the difference between Windows' security model and the Unix/Linux security model (the difference being that the latter systems actually have a model deserving of the label "security"). As for the second, an end user may well not understand the distinction between Wine's role and that of the desktop environment, but a developer should. Wine is for making Windows applications (and native applications coded to the Windows API) run - I am not aware of any developer who thinks it should be a complete reimplementation of Windows.
1) While I agree maintaining a staunch security policy is important, that has nothing to do with autorun. Making the user browse to find an executable is not security.
2) The line you refer to I believe would put detecting media inserts on the desktop environment side, and the parsing and execution of windows autorun inf files on the wine side. Hell, the user would have to run `wine --media-autorun /mountpoint/autorun.inf`. That has to be as secure as the user running `cd /mountpoint/somedir; wine ./some.exe`.
Will