[blorgle]

I am a big fan of grsec, RBAC and sandboxing stuff. But let's be real here people! Those are good features on servers where there isn't a giant security black-hole called X, where any local exploit of the app can turn it into a compromise of the entire GUI system.

Look at the hoops that adversary resistance focused distros like SubgraphOS have to jump through just to mitigate the giant attack surface that X opens.

Until Wayland becomes the usable default standard, "Linux Desktop Security" is an anachronism.

[bkor]

Security should be multi layered. So if one thing fails there's still yet another layer of defence. This because everything will have bugs anyway, so it should be assumed none of the layers will ever be fully secure.

systemd offers various methods to restrict daemons in their abilities. That's hardly used. Only recently tracker started sandboxing their indexers. Why block adding other security laters on Wayland? There's no need to wait, nor do these layers depend on another.

[digi_owl]

The best defense in this regard is not do jack all unless the user asks for it.

[bkor]

That's how Flatpak works with its portals, so assume you'll now read what I wrote instead of simple responses?

[digi_owl]

Should have guessed you would claim that monstrosity as the fix for your (Gnome's) other monstrosity.

[bkor]

I didn't argue that there's one fix, I mentioned that there should be multiple layers. If you'd read what I write you'd have known this. Further, just being negative and calling names vs maybe making an argument isn't helping your case.

You dislike GNOME.. meh.