<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 21 February 2015 at 15:31, ikey <span dir="ltr"><<a href="mailto:ikey@evolve-os.com" target="_blank">ikey@evolve-os.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class=""><br>
<br>
On 21/02/15 04:27, Steve Dodier-Lazaro wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">
<br>
On 21 February 2015 at 00:44, ikey <<a href="mailto:ikey@evolve-os.com" target="_blank">ikey@evolve-os.com</a><br></span><span class="">
<mailto:<a href="mailto:ikey@evolve-os.com" target="_blank">ikey@evolve-os.com</a>>> wrote:<br>
<br>
True. But those have always been evil anyway.<br>
<br>
<br>
They're an absolute necessity for user-driven access control and for<br>
securing a bunch of other applications. UI embedding is used on Windows<br>
8 (and OS X, I suspect) to provide custom widgets in file choosers, it's<br>
used by Android to serve ads without exposing parent apps' UIs, and it's<br>
got a massive potential for building permission UIs within apps. I don't<br>
remember anything of the internals of Plug/Socket and am generally not<br>
qualified to discuss that stuff, but I do hope there's a replacement coming.<br>
</span></blockquote>
And that stops them from being absolute evil.. how? :) Never said they<br>
weren't needed, just stating the fact they are utter evil. Also please,<br>
never *ever* use the word "securing" in relation to xembed, that's just<br>
a joke. xembed is a security nightmare and in all honesty should be shot<br>
in the face with a broken up Katy Perry CD.<br></blockquote><div><br>Agreed, I'm not saying at all that XEmbed is any secure. I'm saying the
Plug/Socket API is simple enough to be convenient for all sorts of
developers, and there is a security-related need for (adversarial) UI
embedding.<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
There are other ways of doing things, such as using libraries, and not<br>
embedding at all. I understand Simon has thoughts on a Wayland compatible<br>
solution in the future involving sub surfaces. For the time GtkPlug and<br>
GtkSocket still exist, so there's no reason to look at a replacement<br>
*yet* (GTK3 enabling != Wayland enabling)<span class=""><font color="#888888"><br>
<br>
- ikey<br>
</font></span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">
<br>
My personal thoughts are to go forward with a complete port. If the<br>
future of XFCE is on GTK3, then why support GTK2 anymore.. ?<br>
<br>
I can understand why a compat shim would be used in a dual-scenario,<br>
but I'm not entirely sure any API #ifdef's are wanted here. :)<br>
<br>
<br>
I would assume it'd be easier to just keep 4.12 in its own branch and<br>
backport high/critical/blocker fixes until installs of xfce4<br>
(specifically 4) plummet. I believe that's what Andrzej meant?<br>
<br>
<br>
<br>
--<br>
Steve Dodier-Lazaro<br>
PhD Student<br>
University College London<br>
Free Software Developer<br>
OpenPGP : 1B6B1670<br>
<br>
<br></span><span class="">
______________________________<u></u>_________________<br>
Xfce4-dev mailing list<br>
<a href="mailto:Xfce4-dev@xfce.org" target="_blank">Xfce4-dev@xfce.org</a><br>
<a href="https://mail.xfce.org/mailman/listinfo/xfce4-dev" target="_blank">https://mail.xfce.org/mailman/<u></u>listinfo/xfce4-dev</a><br>
<br>
</span></blockquote><div class=""><div class="h5">
______________________________<u></u>_________________<br>
Xfce4-dev mailing list<br>
<a href="mailto:Xfce4-dev@xfce.org" target="_blank">Xfce4-dev@xfce.org</a><br>
<a href="https://mail.xfce.org/mailman/listinfo/xfce4-dev" target="_blank">https://mail.xfce.org/mailman/<u></u>listinfo/xfce4-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Steve Dodier-Lazaro<br>PhD Student<br>University College London<br>Free Software Developer<br>OpenPGP : 1B6B1670</div>
</div></div>