While I guess I agree that there is still a race-condition, which could theoretically someday maybe lead to some sort of exploit, as you point out there is now only a vanishingly small chance that some everyday endusers will accidentally reveal their username and password to IRC or Skype. Although it was a reasonably-serious bug before, that deserved a big red warning on the package, I'm pretty confident that necessity is now well in the past. You point to Xorg as the epitome of secure input handling? And yet, Jamie Zawinski has all my passwords stored away in his underground bunker. http://www.jwz.org/xscreensaver/faq.html#setuid Furthermore, Xorg itself has problems with securing VT sessions -- http://www.jwz.org/xscreensaver/faq.html#no-ctl-alt-bs
Point being, it seems like Mir is at least *level* with the security provided by X, if not ahead. At the risk of sounding like the guy responsible for WinME, security *is* actually relative.
p.s. My other point is short and sweet: getting parts of Mir into 13.10 as the default was never about providing *immediate* user-visible benefits. And although I would agree it was at least partly a publicity stunt, to generate buzz, and get out the gate faster than Wayland, I definitely think that was a secondary or tertiary goal. The number one primary goal was UbuntuPhone deals, which may have been accomplished (we'll know based on whether you can buy one before December 25th). But the big desktop goal was to put the Mir codebase through the gauntlet, of getting real-world beta testing by millions of users on all kinds of nutty hardware. That would make pushing Mir into 14.04 LTS *much* more palatable, even if it was non-default in the LTS flavor. So the big loss for endusers is not that they are missing out on some hypothetical cool feature in 13.10 -- it is that Mir will not be as battle-tested when 14.04 comes around. Long-term benefit was always the key here.
Security is relative, and short-term user-visible benefit was prolly never the point
Point being, it seems like Mir is at least *level* with the security provided by X, if not ahead. At the risk of sounding like the guy responsible for WinME, security *is* actually relative.
p.s. My other point is short and sweet: getting parts of Mir into 13.10 as the default was never about providing *immediate* user-visible benefits. And although I would agree it was at least partly a publicity stunt, to generate buzz, and get out the gate faster than Wayland, I definitely think that was a secondary or tertiary goal. The number one primary goal was UbuntuPhone deals, which may have been accomplished (we'll know based on whether you can buy one before December 25th). But the big desktop goal was to put the Mir codebase through the gauntlet, of getting real-world beta testing by millions of users on all kinds of nutty hardware. That would make pushing Mir into 14.04 LTS *much* more palatable, even if it was non-default in the LTS flavor. So the big loss for endusers is not that they are missing out on some hypothetical cool feature in 13.10 -- it is that Mir will not be as battle-tested when 14.04 comes around. Long-term benefit was always the key here.