Ubuntu XMir security leak won't be fixed

Canonical is going the route of Microsoft:

http://mjg59.dreamwidth.org/27327.html

Basically, whatever you type in a virtual container (like your email account passwords or the password to your bank's Windows application running in a virtualized window), that will also show up in plain text in the text editor or terminal window that is open in your native session, and will be part of the history of your terminal session etc... so huge security leak.

Apparently Canonical has known this since June now, and they can't fix it, so they have mentioned a disclaimer in a hidden place instead... NOT compliant with free and open source software quality standards, absolutely unacceptable!!! The best joke is that Jono Bacon has commented on the above-linked article by stating that "it's just a bug, an important bug, but just a bug...", well, dear Mr Bacon, no it's not, it's a disgrace to the open source software community, Canonical should have immediately taken down XMir instead of spreading so much hot air marketing about it, something Canonical has been doing a lot lately... is Canonical a snake oil marketeer or a free and open source software developer...

Basically, what this means is that people that use Ubuntu shouldn't update and should stay with 12.04 LTS and Unity6 or Gnome, or they should switch to Xubuntu, which has refused to implement XMir because of the problems with Mir and the huge performance penalty of XMir, and will be implementing Wayland+Weston as soon as XFCE 4.11 comes out, and they have also decided to focus on helping the migration of XFCE from gtk2 to gtk3 so that this may come faster, because it's terribly overdue because of the decision to migrate XFCE entirely before releasing a new version, which is a correct decision given the fast evolution of Wayland, but of course requires a lot of time and effort.

Fixed. :P

http://bazaar.launchpad.net/~mir-team/mir/trunk/revision/1003

Bug #1192843

Just looked at the fix.

They suspend the messaging from Mir to XMir based on focus, and only for keyboard input, not for other inputs. The base problem however is that Mir is still registering input as a whole. Not a fix imo. The problem isn't visible anymore, but it's still there, Mir still registers the inputs in the virtual container in plain text.