commit: 2d0e5a96ba00d2b331404c7ab9f3882f938cc968
parent 11c5d8c85278dbd8451246fbb785028a29b3ed7e
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Mon, 10 May 2021 09:13:17 +0200
Describe current status and goals
Diffstat:
4 files changed, 77 insertions(+), 31 deletions(-)
diff --git a/README b/README
@@ -1,31 +0,0 @@
-## inaban
-Inaban: Nickname of “稲葉姫子 (Inaba Himeko)”, a character in Kokoro Connect. Picked her for her personality regarding reality and trust.
-
-# Dependencies
-- wlroots 0.13.0+
-- Wayland: wayland-server, wayland-scanner, wayland-protocols
-- (lib)xkbcommon
-
-# Installation
-The usual `make ; make install` works. Running inaban as root (setuid included) is unsupported, you need to use something like seatd or {e,systemd-}logind.
-
-# Inspirations
-## XMonad
-- Most of the shortcuts
-
-## dwm
-- configuration and related code
-
-## cage, sway, rootston
-- wlroots related code
-
-# Goals
-- No client side decorations, might have borders on all the boxes (rendering and hitbox, should they ever manage to differ)
-- Programs wanting to have more than simply asking for a regular surface should need special permissions
- - listing of the surfaces should be something similar to a capability
- - special position/size should be completely managed by the compositor
- - resizes other than done by the compositor are denied
-- If there is tiling should be powerful (like XMonad) yet simple (unlike i3)
-
-## Non-Goals
-- XWayland as anything but a separated Wayland client (would recommend cage for this)
diff --git a/README.md b/README.md
@@ -0,0 +1,37 @@
+## inaban
+Inaban: Nickname of “稲葉姫子 (Inaba Himeko)”, a character in Kokoro Connect. Picked her for her personality regarding reality and trust.
+
+# Dependencies
+- wlroots 0.13.0+
+- Wayland: wayland-server, wayland-scanner, wayland-protocols
+- (lib)xkbcommon
+- a [`checkpassword`](https://cr.yp.to/checkpwd.html) implementation
+
+# Installation
+The usual `make ; make install` works. Running inaban as root (setuid included) is unsupported, you need to use something like seatd or {e,systemd-}logind.
+
+# Inspirations
+## XMonad
+- Most of the shortcuts
+
+## dwm
+- configuration and related code
+
+## cage, sway, rootston
+- wlroots related code
+
+## Design and Goals/Non-Goals/…
+Refer to:
+- <./security.md>
+- <./accessibility.md>
+
+# Goals
+- No client side decorations, might have borders on all the boxes (rendering and hitbox, should they ever manage to differ)
+- Programs wanting to have more than simply asking for a regular surface should need special permissions
+ - listing of the surfaces should be something similar to a capability
+ - special position/size should be completely managed by the compositor
+ - resizes other than done by the compositor are denied
+- If there is tiling should be powerful (like XMonad) yet simple (unlike i3)
+
+## Non-Goals
+- XWayland as anything but a separated Wayland client (would recommend cage for this)
diff --git a/accessibility.md b/accessibility.md
@@ -0,0 +1,12 @@
+# Accessibility
+Until version 1.0 this serves as a roadmap.
+
+## Generic
+- On first startup, it should try to launch orca and quickly ask if it will be needed by the user
+- Interface should be usable with only a 2-button pointer or only a keyboard
+
+## Lockscreen
+- Username, machine name
+- Keyboard layout and modifier status
+- "Access Granted" / "Access Denied" messages
+- Support for braille(brltty) and speech output
diff --git a/security.md b/security.md
@@ -0,0 +1,28 @@
+# Security
+Until version 1.0 this serves as a roadmap.
+
+Report security issues via an email to <contact+inaban@hacktivis.me> with <https://hacktivis.me/reop.pub> as my reop public key.
+
+## Design
+### Focus
+- Keyboard & Pointer focus is synchronised (keyboard focus warps the pointer)
+- Applications cannot steal focus unless explicitely launched by the user
+
+### Special Permissions
+Special permissions are needed for: Screen capturing/recording, app-requested fullscreen, snooping (including for accessibility purposes), monitor settings.
+
+- Because of linux's design, unless an application is registered and launched by the compositor a consent pop-in dialog is displayed
+
+### Fullscreen
+- Applications can't fullscreen themselves (until proper process authentication on linux is discovered)
+
+### Lockscreen
+- Inspired by <https://www.jwz.org/xscreensaver/toolkits.html>
+- Wayland clients compositing (input & graphics) is disabled while locked; this also means that screen recording gets refused or when already authorized gets blank output.
+- Normal applications get title/`app_id`/… displayed when Logo is pressed
+- Separated authentication process launched by the compositor
+ - setuid-root is frowned upon, use TCB shadow
+ - PAM is unsupported, I believe it suffers design issues
+ - Can return only "Valid" or "Denied" to stdout; Other messages trigger a warning
+ - stderr for Error messages
+- Screensavers are unsupported for now, they could be handed a special file descriptor
