--nextPart2997103.LUx9hD54bB Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Donnerstag, 7. Juli 2005 21:40, schrieb Oswald Buddenhagen: > On Thu, Jul 07, 2005 at 06:16:39PM +0200, Friedrich W. H. Kossebau wrote: > > Am Donnerstag, 7. Juli 2005 11:58, schrieb Oswald Buddenhagen: > > > On Thu, Jul 07, 2005 at 03:22:53AM +0200, Friedrich W. H. Kossebau=20 wrote: > > > > This could be done by downscaling from one given picture with the > > > > largest size needed, like 140x140 or 300x300. > > > > > > no way this is going to work: > > > - slow. > > > > Another (additional) solution would be to do the scaling once (when > > adding the face) and save the results to disc. > > this is what is happening now. well, only for the face.icons, actually, > as the faces are practically unsupported. sure, it would make sense to > offer a down-scaled version of the image selected as the face for the > icon - as long as it is possible (and recommended) to set the icon > separately ... Which would be enforced by the face selector. :) > > > > Enabling users to provide their own face as a file in their home dir > > > > works with display managers. They usually are run with superuser > > > > rights (or have some helper demons which are), so they can access a= ll > > > > files. > > > > > > while kdm currently has code that setuids to the owner of the image, a > > > comment (i mean, _a comment_ - in _my_ code!! :) clearly indicates th= at > > > it is supposed to run as nobody. > > > > > > actually, i could/should change this right away - no need for the > > > entire greeter to run as nobody for this. > > actually, i did just after the post ... > > > > ergo, inaccessible image -> no image - without exceptions > > > > I do not really get what you say here? Go with nobody or don't? > > any non-root. if the image is public, it is visible. that simple. Hm. What could a user do who would like to hide his $HOME but make his own= =20 face available? The docs of GDM tell that explicitly for this purpose they= =20 run a demon with superuser rights to tunnel such pictures to the greeter... > > > > But might this put danger on security? What if someone manipulated > > > > one's addressbook and therefore the system displays the wrong perso= n? > > > > > > you can do this with the .faces as well. that's one of the reasons why > > > the *Admin* variants still exist. > > > > Okay. So we could allow users to set up their own set of faces and names > > for the other users and enable the admin to outkiosk that, then. > > ? Well, apps such as the kdm greeter or the lock dialog would never use an=20 addressbook while other apps would if a user choose to do. By using a speci= al=20 constructor of proposed KUserFaceLoader... Okay, generally I see no real objections against my proposal so I will prep= are=20 and send in a patch tomorrow :) Regards =46riedrich --nextPart2997103.LUx9hD54bB Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQBCz8U2ECqmVFXwdrMRAuhQAJ9guMUV952G60dgC9g7p8s4jEeJkQCffDyK 9diswHHv4o422rJiSUKJSkc= =wRT+ -----END PGP SIGNATURE----- --nextPart2997103.LUx9hD54bB--