Jokosher [LSARC/2009/314 FastTrack timeout 06/02/2009]
Brian Cameron
Brian.Cameron at sun.com
Wed Jun 3 17:19:17 PDT 2009
I am marking this case as closed approved 06/03/2009. The only issue
raised was about the way the username/password is stored by the
FreeSound extension, but the security experts expressed that just
modifying the code to not save the username and password information
in the user's $HOME configuraiton is sufficient.
Brian
John Fischer wrote:
> +1
>
> John
>
> Brian Cameron wrote:
>>
>> To make the security issues with the FreeSound extension more clear, I
>> updated section 4.7 of the Jokosher ARC materials as follows:
>>
>> 4.7 Security Impact:
>>
>> The Jokosher FreeSound extension allows users to login to
>> http://www.freesound.org with a username and password. On
>> Solaris, the extension is modified to not save the username or
>> password information in the user's configuration for better
>> security.
>>
>> Note that a FreeSound account allows users to gain access to free
>> sound samples and to post messages on their forum.
>>
>> Also note that the FreeSound website does not use HTTPS, so
>> accessing the account via the Jokosher extension should have the
>> same security as accessing it via a normal web browser
>> application.
>>
>> If anyone feels that it would be best to simply remove the FreeSound
>> extension from Jokosher to avoid any sort of security concerns, that
>> is also possible. It is a nice-to-have feature, not a critical piece
>> of Jokosher functionality.
>>
>> Brian
>>
>>
>> Brian Cameron wrote:
>>> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
>>> This information is Copyright 2009 Sun Microsystems
>>> 1. Introduction
>>> 1.1. Project/Component Working Name:
>>> Jokosher
>>> 1.2. Name of Document Author/Supplier:
>>> Author: Brian Cameron
>>> 1.3 Date of This Document:
>>> 20 May, 2009
>>> 4. Technical Description
>>> Template Version: @(#)sac_nextcase %I% %G% SMI
>>> This information is Copyright 2008 Sun Microsystems
>>>
>>> 1. Introduction
>>> 1.1. Project/Component Working Name:
>>>
>>> jokosher
>>>
>>> 1.2. Name of Document Author/Supplier:
>>>
>>> Author: Brian Cameron
>>>
>>> 1.3 Date of This Document:
>>>
>>> 12 May 2009
>>>
>>> 1.4. Name of Major Document Customer(s)/Consumer(s):
>>> 1.4.1. The PAC or CPT you expect to review your project:
>>>
>>> Solaris PAC
>>>
>>> 1.4.2. The ARC(s) you expect to review your project:
>>>
>>> LSARC
>>>
>>> 1.4.3. The Director/VP who is "Sponsoring" this project:
>>>
>>> Robert O'Dea
>>>
>>> 1.4.4. The name of your business unit:
>>>
>>> Software - OPG
>>>
>>> 1.5. Email Aliases:
>>> 1.5.1. Responsible Manager:
>>> leo.binchy at sun.com
>>>
>>> 1.5.2. Responsible Engineer:
>>>
>>> brian.cameron at sun.com
>>>
>>> 1.5.3 Marketing Manager:
>>>
>>> glynn.foster at sun.com
>>>
>>> 1.5.4. Interest List:
>>> desktop-discuss at opensolaris.org
>>> 2. Project Summary
>>> 2.1. Project Description:
>>>
>>> jokosher is a simple, yet powerful multi-track studio written
>>> in Python
>>> that uses GStreamer and gnonlin. With jokosher you can
>>> create and
>>> record music, podcasts and more, all from an integrated simple
>>> environment. It supports recording, editing (e.g. splitting,
>>> trimming,
>>> moving), mixing, and exporting audio. It supports all audio
>>> formats
>>> that are supported by GStreamer. Users can, for example,
>>> purchase
>>> plugins from Fluendo to enable MP3 or WindowsMedia Audio
>>> support.
>>>
>>> jokosher uses the GPL license and contains a license
>>> exception which
>>> allows distribution with non-free GStreamer-plugins.
>>>
>>> 4. Technical Description:
>>> 4.1. Details:
>>>
>>> Jokosher provides a multi-track interface for recording and
>>> mixing
>>> audio. Jokosher supports two workspace modes: the Recording
>>> Workspace
>>> and the Mixing Workspace. The user simply toggles between
>>> the two
>>> modes by clicking on the "Audio Mixers" button in the toolbar.
>>>
>>> When in the Recording Workspace mode, the user may create
>>> multiple
>>> audio tracks. The tracks may either be an existing audio
>>> file which
>>> the user can specify, or be an instrument. The instrument
>>> setting is
>>> intended to be used when the user intends to record the track
>>> into
>>> jokosher. Jokosher provides a set of Instrument
>>> files, which simply specify a
>>> label and an icon for the instrument. When a track is
>>> associated with
>>> an instrument then the track is shown with this label and
>>> icon so that
>>> the user can easily determine what instrument is associated
>>> with each
>>> track.
>>>
>>> When in the Mixing Workspace mode the user can specify the
>>> volume level
>>> and balance setting for each track. Once the mix is
>>> specified, then
>>> the user can use jokosher's "Mixdown" feature to save the
>>> final audio
>>> mix to a file in the desired audio format. The Mixdown
>>> dialog also
>>> allows the user to run user-specified scripts to do any
>>> desired actions
>>> once the mix is completed, such as to upload the file to a
>>> server or to
>>> create a playlist.
>>>
>>> Jokosher projects can be saved in a file format with the
>>> extension
>>> ".jokosher". When reloaded, the track and mixing settings
>>> and all
>>> preferences are restored so a user can continue working on a
>>> project.
>>> These files are associated with the MIME type
>>> "application/x-jokosher".
>>>
>>> Jokosher provides extensions which allow third party
>>> developers to add
>>> features to Jokosher to make it support file types or support
>>> additional functionality. Jokosher includes an extensions
>>> manager
>>> which allows users to add, remove, or configure extensions. [1]
>>>
>>> By default jokosher includes the following extensions:
>>>
>>> - A "Set Tempo" extension which allows the user to set the
>>> tempo for
>>> a project by clicking on a button on each beat during
>>> playback.
>>> - A "Minimal Mode" extension which changes the UI to a minimal
>>> appearance
>>> - An "Instrument Type Manager" extension which allows the
>>> user to specify the label and icon for new instruments, and
>>> to delete any
>>> previously added instruments.
>>> - A "Search FreeSound" extension which will search the FreeSound
>>> library of freely licensable and usable sound clips. The
>>> FreeSound
>>> library can be found at http://www.freesound.org/.
>>> - An "Extension Console" which provides a fully functional
>>> python
>>> console with access to the jokosher extension API and jokosher
>>> internals. Useful for writing or debugging extension code.
>>> - A "Jokosher D-Bus API" extension which allows other
>>> processes to call Jokosher extension API functions via D-Bus.
>>>
>>> Note that, by default, the jokosher FreeSound extension saves
>>> the
>>> user's FreeSound username and password in plaintext in the
>>> user's
>>> jokosher $HOME configuration. When the plugin is used after
>>> initial
>>> login, the username and password values are filled in for the
>>> user.
>>>
>>> However, on Solaris, we will patch the code so that this
>>> feature is
>>> disabled, and the FreeSound extension will not save the
>>> username and
>>> password information to the user's $HOME directory. This
>>> will mean
>>> the user will need to re-enter this information each time
>>> they restart
>>> jokosher and wish to use this plugin.
>>> 4.2. Interfaces:
>>> Exported Interfaces
>>> Stability Comments
>>> ------------------------------------------- ----------
>>> ----------------
>>>
>>> /usr/bin/jokosher Volatile Jokosher
>>>
>>> application.
>>> /usr/lib/python2.6/vendor-packages/Jokosher Volatile
>>> Jokosher python
>>>
>>> implementation.
>>> /usr/share/applications/jokosher.desktop Volatile
>>> Jokosher desktop
>>> file.
>>> /usr/share/gnome/help/jokosher Volatile
>>> Jokosher help
>>> files.
>>> /usr/share/jokosher Volatile Jokosher
>>>
>>> internal data.
>>> /usr/share/jokosher/Instruments Volatile Jokosher
>>>
>>> instrument
>>> files.
>>> /usr/share/jokosher/extensions Volatile Jokosher
>>>
>>> extension files.
>>> /usr/share/jokosher/pixmaps Project
>>> Jokosher image
>>> Private files.
>>> /usr/share/icons/hicolor/48x48/apps/jokosher.png
>>> Project Jokosher
>>> Private
>>> application
>>> image.
>>> /usr/share/pixmaps/jokosher.png Project Jokosher
>>> Private
>>> application
>>> image.
>>> /usr/share/mime/packages/jokosher.xml Volatile
>>> Specifies the
>>> MIME
>>> type for
>>>
>>> jokosher files.
>>> /usr/share/omf/jokosher Project
>>> Jokosher OMF
>>> Private files.
>>> $HOME/.local/share/jokosher Volatile
>>> Jokosher user
>>>
>>> configuration
>>>
>>> SUNWgnonlin Uncommitted Package.
>>> SUNWjokosher Uncommitted Package.
>>>
>>>
>>> Imported Interfaces Stability Comments
>>> --------------- --------------- -----------------------
>>> GNOME Base Libraries Committed LSARC 2006/202
>>> GStreamer Volatile LSARC/2006/202
>>> GNonLin Volatile Not yet filed
>>> Python External PSARC/2005/532 Python
>>> Evolving Migration from
>>> /usr/sfw to /usr and
>>> upgrade to v2.4.x
>>> gst-python Volatile LSARC 2008/105
>>> Pygtk, gnome-python Unstable LSARC 2005/506
>>> D-Bus Volatile LSARC 2006/368
>>> Python Setuptools Uncommitted PSARC 2008/084
>>>
>>> 4.3. Doc Impact:
>>>
>>> jokosher includes Help documentation. Jokosher does not ship
>>> with any
>>> developer documentation, but the help files do point to the
>>> Jokosher
>>> developer webiste for more information about doing things
>>> like writing
>>> extensions.
>>>
>>> 4.4. Packaging & Delivery:
>>> SUNWjokosher - jokosher application.
>>>
>>> 4.5. Dependencies:
>>>
>>> The ARC case for GNonLin, which is being submitted at the
>>> same time
>>> as this case. I will update this section and the Comments
>>> value for
>>> GNonLin in the Imported Interface table to include the ARC
>>> number
>>> when available.
>>>
>>> 4.6. L10N Impact:
>>>
>>> The Desktop team and the G11N are working together to
>>> evaluate and
>>> provide I18N/L10N support.
>>>
>>> 4.7 Security Impact:
>>>
>>> None.
>>> 5. Reference Documents:
>>>
>>> [1] Jokosher Extensions Documentation
>>> http://userdocs.jokosher.org/Extensions/
>>>
>>> Jokosher Website and User Documentation:
>>> http://www.jokosher.org/
>>> http://userdocs.jokosher.org/
>>>
>>> 6. Resources and Schedule
>>> 6.4. Steering Committee requested information
>>> 6.4.1. Consolidation C-team Name:
>>> Desktop
>>> 6.5. ARC review type: FastTrack
>>> 6.6. ARC Exposure: open
>>>
>>>
>>> 6. Resources and Schedule
>>> 6.4. Steering Committee requested information
>>> 6.4.1. Consolidation C-team Name:
>>> Desktop
>>> 6.5. ARC review type: FastTrack
>>> 6.6. ARC Exposure: open
>>>
>>> _______________________________________________
>>> opensolaris-arc mailing list
>>> opensolaris-arc at opensolaris.org
>>
More information about the opensolaris-arc
mailing list