Kudos to them. They do great work.

I agree, NetworkManager is excellent. I just wish it was capable to manage bridges and virtual networks for libvirt/lxc.

I'll have to build this with my usual hack for transparent /custom themed tray menu suppport. Wonder if they've fixed the bug with connecting to a hidden wifi connection that forced me to roll back from 1.04 to 1.02?

How can they tell whether a connection is metered or not?

I don't know.
Probably can't.

Probably they let the user define a "warning quota" and "maximum usage quota" as is done in Android.

The flag can be set by the user by any of their connection. If it's used, a DHCP vendor extension field is inspected -- if it contains "ANDROID_METERED" value as is done by Android handsets then we set the flag.

is this anything we could pull upstream? Is there a bug report with a patch filed in bugzilla?

Yes, Jiř? Klime? fixed this. Tracked here: https://bugzilla.gnome.org/show_bug.cgi?id=752173

Great work at breaking openvpn support too in some distros. For some reason they decided they are very special and need very special nm-openvpn user/group. nobody/nobody just does not cut for these gentelmen for some reason. Yes, creating nm-opevpn group/user fixes the problem and this group/acc does not need anything special. As always gnome people must do something to piss people off. Just because.

Yes, sir, using different user for different services is sort of the point of the privilege separation. If multiple services are running as "nobody" user then they're not really unprivileged as they can compromise each others' resources in case of a security issue in some of the the daemons. We've done this to keep you more secure!

The other side of the coin is that we could be a bit better at communicating this. That's sort of my fault not mentioning in the NEWS file or the release announcement. Next time we'll try to be better at this.

On the other hand, the downstream distributions should probably spent some time testing the packages they update instead of just blindly bumping the version numbers. Changes occur. For 1.2 we are considering optionally using systemd security features (easy configuration of private home, seccomp filters, etc.) to confine the VPN plugins even more. While we take care not to break user configurations we can not really ensure the packaging is completely effortless. If your distro fails to do this and breaks user configurations day after a release you may want to consider switching distributions.

Have a nice day.