[Printing-architecture] [lsb-discuss] LSB 4.0 and printing

Ira McDonald blueroofmusic at gmail.com
Thu Mar 27 10:42:25 PDT 2008 

Hi,

My two cents...

I agree with Klaus.  Network scanning (remote submission of scan jobs)
is ALWAYS done from a client desktop machine directly to the networked
scanner or multifunction device.  Adding SANE packages to a Linux server
never makes sense in the real world - just one more needless security risk.

Cheers,
- Ira

-- 
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music/High North Inc
email: blueroofmusic at gmail.com
winter:
 579 Park Place Saline, MI 48176
 734-944-0094
summer:
 PO Box 221 Grand Marais, MI 49839
 906-494-2434


On Thu, Mar 27, 2008 at 12:55 PM, Klaus Singvogel <kssingvo at suse.de> wrote:
> Johannes Meixner wrote:
>  >
>  > Have a network scanner (a scanner with ethernet connection)
>  > in an office for several people.
>
>  If the scanner has ethernet connection, any user can install drivers
>  on his _desktop_. No need to restrict installation on a _server_, or?
>
>  > Run the scanner driver (the SANE backend) together with
>  > the saned on an arbitrary server machine somewhere in
>  > a locked server room to have both the driver and the
>  > access permission stuff under full control of the admin
>  > of the central server.
>
>  What's the advantage of your model? It seems not very practicable and
>  a bit uncommon to me.
>
>  Restricting printing access is easy to explain: every single page
>  printed out costs resources (paper, toner, etc).
>
>  But scanning?
>
>  Why restricting a network scanner to special users and not to a
>  special, secure place? If there is no trust to all of the users, why
>  is the network scanner physical accessible to anyone, with danger of
>  thefts, and the scanning restricted to users? Why not locking the
>  scanner into a restricted room?
>
>  I neither see how you can prevent scanning by the bad guys, if the
>  scanner is still accessible by (physical) anyone and (by software)
>  through whole network?
>
>  I would suggest to setup a special desktop machine with limited
>  physical access in such an scenario into a special secured room. IMHO
>  more secure.
>
>  Another solution for your example might be to setup a a _desktop_
>  machine and use (in a limited way) as a server for above scenario. No
>  need to blow up all the other server machines with unnecessary scanner
>  software.
>
>  And I think it is a very limited, uncommon scenario you describe.
>  Let us stay at the more common real life examples, please.
>
>  > Run the scanning frontend together with the SANE "net"
>  > meta-driver on the individual user's workstation where
>  > it doesn't harm others if one user corrupts his workstation.
>
>  Workstation means a desktop machine right? So again: scanning with
>  SANE is done on the desktop machine.
>
>  Kindly regards,
>
>
>         Klaus.
>  --
>  Klaus Singvogel
>  SUSE LINUX Products GmbH
>  Maxfeldstr. 5                     E-Mail: Klaus.Singvogel at SuSE.de
>  90409 Nuernberg                   Phone: +49 (0) 911 740530
>  Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27
>
>  SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
>  _______________________________________________
>  Printing-architecture mailing list
>  Printing-architecture at lists.linux-foundation.org
>  https://lists.linux-foundation.org/mailman/listinfo/printing-architecture
>

More information about the Printing-architecture mailing list