Michael

wording/typo

"In turn compositors can restrict features that sandboxes connections utilize." I think should be "In turn compositors can restrict features that sandboxed connections utilize."

What does this mean?

Would for example OBS be able to blur out security related windows when screencasting, to avoid showing passwords etc? (while allowing the user to see them)

I wonder if this can be used on chromium based apps for better sandboxing support without the current hacks/workaround.

I wonder if The Vivaldi devs will be happy with this?

What about my ex just married another man? What do I do from now?

The way I understand this, this extension is for specifically a sandbox environment to then be given specific policies into the sandbox environment.
I don't know if Flatpak already achieved this already with their project, but it would seem that a Wayland session with this will make it easier for flatpak being more "secure" (if this is the case and/or I understood it right).

This sounds like something DRM would use extensively... and something well meaning devs will use to make my life harder. I'm not looking forward to being prevented from helping my grandma with online banking via a screenshare, just because scammers sometimes do the same thing. Android already allows applications to opt out of being screenshottable

Looking at the linked summary, it looks like the idea is that Wayland already enforces global security policies, and this protocol allows sandboxing engines like Flatpak to draw a fence around everything coming from inside their sandbox so the compositor and the sandboxing engine can work together to do stuff like, say, forbidding Flatpak-packaged ordinary apps from accessing Wayland protocol extensions intended for things like creating out-of-compositor widget panel hosts like KDE's Plasma.

Does flatpak have a proper "Ask the user for permissions" dialog yet for permissions that aren't obvious like selecting file perms? I remeber thhis being an issue and flatpak dismissed it calling it bad UI, which I would immensely disagree with.

There's Flatseal, but that's neither official nor does it offer a popup dialog.

I agree with you on that. I wish EVERY application had a permissions system that was activated upon first run. I think having to resort to a 3rd party to do basic functions is bad design.

Coincidentally, that's 2/3s of why I don't use GNOME...all the 3rd party plugins needed to get what Mate, Budgie, XFCE, KDE, Enlightenment, and more offer out of the box. The other 1/3 is that I don't like CSD and menus in the title bar because I think it's bad UI design to put configuration menus next to window control operations. If GNOME was a car, they'd put the car's radio volume dial next to an ignition dial because they're both dials. Just because they're both dials doesn't mean they belong together. Just because you can make a menu button the size a window control button doesn't mean they all belong together.