1 |
Samuli Suominen posted on Tue, 26 Apr 2011 21:56:06 +0300 as excerpted: |
2 |
|
3 |
> You have 24 hours to comment on this news item. Sorry to put it so |
4 |
> bluntly but this is required for major security bug (#364973). |
5 |
> |
6 |
> See attachment. |
7 |
> Title: Upgrade to GLIB 2.28 Author: GNOME Team <gnome@g.o> |
8 |
> Content-Type: text/plain Posted: 2011-04-26 Revision: 1 |
9 |
> News-Item-Format: 1.0 Display-If-Installed: <dev-libs/glib-2.28 |
10 |
> |
11 |
> The way of setting default URI handlers has changed since |
12 |
> dev-libs/glib-2.28 and above. If you used the GConf registry to set them |
13 |
> before, they will now be ignored. |
14 |
> |
15 |
> If you use GNOME, you must upgrade gnome-session and |
16 |
> gnome-control-center and set your default browser/mail-client again. |
17 |
> |
18 |
> If you don't use GNOME, you should ensure that the file |
19 |
> ~/.local/share/applications/mimeapps.list has the following content: |
20 |
> |
21 |
> [Added Associations] |
22 |
> x-scheme-handler/http=$browser_name.desktop; |
23 |
> x-scheme-handler/https=$browser_name.desktop; |
24 |
> x-scheme-handler/mailto=$mailclient_name.desktop; |
25 |
> |
26 |
> Replace $browser_name.desktop and $mailclient_name.desktop with the |
27 |
> appropriate file from /usr/share/applications that can handle |
28 |
> http/https/mailto URIs. |
29 |
> |
30 |
> Please make sure that your browsers and mail clients have been upgraded |
31 |
> to the latest stable versions before doing all this. |
32 |
|
33 |
This is unclear. Should non-gnome users (I'm a kde user) set this to |
34 |
prepare for the upgrade, or as a workaround until one actually completes |
35 |
the upgrade? |
36 |
|
37 |
The question comes up, because I'm on 2.28.6, which should be above the |
38 |
threshold for the notice, and I have that file in my home dir, but do NOT |
39 |
have those entries in it, which the notice appears to imply I should. |
40 |
|
41 |
Second point: To clarify, you're asking presumably admin users to set |
42 |
this in their homedir config, right? There's absolutely nothing in the |
43 |
proposed news item (and no link with it as a further detail) explaining |
44 |
this rather unprecedented tampering with a user's private homedir config, |
45 |
nor anything explaining what happens if it isn't done. Should an admin by |
46 |
arbitrary fiat edit the entries for *ALL* users? Just his own? |
47 |
|
48 |
If this is intended to be a system level policy edit, why isn't it *AT* |
49 |
they system level? If there is indeed technical reason to go editing |
50 |
individual user's homedir configs, then PLEASE make it MUCH CLEARER just |
51 |
WHICH user configs need to be edited (presumably all of them), and provide |
52 |
some justification, technical or otherwise, why editing the user config is |
53 |
the chosen solution. |
54 |
|
55 |
Note that as I implied above, a further details link is very likely |
56 |
appropriate, since news items are normally quite brief, serving in many |
57 |
cases more as an alert to check the details elsewhere than a full |
58 |
explanation and instructions. |
59 |
|
60 |
-- |
61 |
Duncan - List replies preferred. No HTML msgs. |
62 |
"Every nonfree program has a lord, a master -- |
63 |
and if you use the program, he is your master." Richard Stallman |