PrinterDriverAutoDownload
|
Size: 2467
Comment: integrity/security/reliability issues section
|
Size: 5069
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| '''Launchpad entry: https://features.launchpad.net/distros/ubuntu/+spec/printerdriverautodownload''' | * '''Launchpad entry''': https://features.launchpad.net/distros/ubuntu/+spec/printerdriverautodownload * '''Created''': 2006-10-16 by Till Kamppeter * '''Packages affected''': printerdrake, other printer setup tools, foomatic-db, foomatic-db-engine, printer drivers/PPDs shipped on the CDs == Summary == |
| Line 6: | Line 10: |
== Design == |
|
| Line 12: | Line 18: |
| = Comments = | === Principle === * Add requirements for common printer driver interfaces to LSB 3.2: Driver/renderer (currently GhostScript interfaces IJS, CUPS raster, OpenPrinting Vector, FHS (File System Hierarchy) extension for printer drivers and PPDs. * Make use of other LSB standards, like packaging * Make distribution independent driver packages which work with every LSB-3.2-compliant distro * Attach these packages as downloadable files to the driver entries of the Foomatic database at linuxprinting.org (FSG OpenPrinting) * Make the access both human- and machine-readable * Provide an API for client software to access: List of all printers, drivers, driver packages, available/recommended drivers for a given printer (specified by device ID or Foomatic printer entry), driver free/non-free?, digital signatures, driver download * A printer setup tool could for example detect a printer, check local driver availability and in addition ask the FSG OpenPrinting database for available drivers for this printer. Then install the remote driver if there is no local driver is available or if the local driver is older (update). === Integrity/security/reliability issues === It is not clear that automatically downloading software from a website like this, and running it as root, is a good idea. This is probably OK for ppd files (which are more like data) but driver programs (which convert raster data into a stream for the printer) run as root in the printing system, installing packages might accidentally break unrelated aspects of the system (or the whole system), and there are some worries about whether it's always reasonable for us to decide on our users' behalf to wholly trust the originators of these drivers. ''Remark'': Drivers will not run as root, as the CUPS filter chain is usually executed as a special user like "cupsys" or "lp". They also run in user space and never in kernel space (they are PS --> printer's language filters, so they have more the character of an application and not of a driver). So, to be consistent with our efforts to ensure that post-release our systems are stable and secure, it would be sensible to arrange that these programmatic drivers should be blessed by Ubuntu itself. In which case it probably makes most sense to distribute them via our normal package distribution channels. To make == Comments == |
Automatic download of printer drivers through the internet
Launchpad entry: https://features.launchpad.net/distros/ubuntu/+spec/printerdriverautodownload
Created: 2006-10-16 by Till Kamppeter
Packages affected: printerdrake, other printer setup tools, foomatic-db, foomatic-db-engine, printer drivers/PPDs shipped on the CDs
Summary
The printer setup tool of Ubuntu 7.04 and later should automatically download LSB-packaged printer drivers from linuxprinting.org (will be the FSG OpenPrinting database then). This way we do not need to ship all drivers on the CDs, we are prepared for printers being launched after our release or being supported only by closed-source drivers which we are not allowed to distribute, driver updates, ...
Design
This is based on new functionality which I am currently adding to linuxprinting.org resp. FSG OpenPrinting. See the [https://wiki.ubuntu.com/PrinterDriverAutoDownload?action=AttachFile&do=view&target=FSGOpenPrintingPresentation.pdf attached presentation] ([https://wiki.ubuntu.com/PrinterDriverAutoDownload?action=AttachFile&do=view&target=FSGOpenPrintingPresentation.odp OOo 2.0]) and also
Principle
Add requirements for common printer driver interfaces to LSB 3.2: Driver/renderer (currently GhostScript interfaces IJS, CUPS raster, OpenPrinting Vector, FHS (File System Hierarchy) extension for printer drivers and PPDs.
- Make use of other LSB standards, like packaging
- Make distribution independent driver packages which work with every LSB-3.2-compliant distro
Attach these packages as downloadable files to the driver entries of the Foomatic database at linuxprinting.org (FSG OpenPrinting)
- Make the access both human- and machine-readable
- Provide an API for client software to access: List of all printers, drivers, driver packages, available/recommended drivers for a given printer (specified by device ID or Foomatic printer entry), driver free/non-free?, digital signatures, driver download
A printer setup tool could for example detect a printer, check local driver availability and in addition ask the FSG OpenPrinting database for available drivers for this printer. Then install the remote driver if there is no local driver is available or if the local driver is older (update).
Integrity/security/reliability issues
It is not clear that automatically downloading software from a website like this, and running it as root, is a good idea. This is probably OK for ppd files (which are more like data) but driver programs (which convert raster data into a stream for the printer) run as root in the printing system, installing packages might accidentally break unrelated aspects of the system (or the whole system), and there are some worries about whether it's always reasonable for us to decide on our users' behalf to wholly trust the originators of these drivers.
Remark: Drivers will not run as root, as the CUPS filter chain is usually executed as a special user like "cupsys" or "lp". They also run in user space and never in kernel space (they are PS --> printer's language filters, so they have more the character of an application and not of a driver).
So, to be consistent with our efforts to ensure that post-release our systems are stable and secure, it would be sensible to arrange that these programmatic drivers should be blessed by Ubuntu itself. In which case it probably makes most sense to distribute them via our normal package distribution channels.
To make
Comments
The drivers do need to be on the cd, not all people have a broadband internet connection.
The most important drivers (HPLIP, GutenPrint, GhostScript built-in, ...) will continue to be on the CD, only less important drivers or drivers which cannot be shipped due to copyright reasons will be supplied via internet. The automatic internet download also serves for driver updates.
Integrity/security/reliability issues
It is not clear that automatically downloading software from a website like this, and running it as root, is a good idea. This is probably OK for ppd files (which are more like data) but driver programs (which convert raster data into a stream for the printer) run as root in the printing system, installing packages might accidentally break unrelated aspects of the system (or the whole system), and there are some worries about whether it's always reasonable for us to decide on our users' behalf to wholly trust the originators of these drivers.
So, to be consistent with our efforts to ensure that post-release our systems are stable and secure, it would be sensible to arrange that these programmatic drivers should be blessed by Ubuntu itself. In which case it probably makes most sense to distribute them via our normal package distribution channels.
-IanJackson 7.11.2006 apropos of discussion in the bof on Sunday.
PrinterDriverAutoDownload (last edited 2008-08-06 16:35:34 by localhost)