It is the same issue with all sandboxing solutions. If your program does not work without giving it excessive permissions, it does not work. If we want to move to a version with minimal privileges, X would still seem like a good platform to work on this. But one would have to work on it, not decide that everything needs to be rewritten all the time.

> the whole XZ ordeal

1 malicious package almost got distributed in 20 years of debian history?

>granting full rights to vim or xeyes

I'm not sure I get what's being discussed here. Standard Xorg runs without root already. And Xeyes definitely 100% run without root, I get why you would you run vim on root, to edit root files, but also don't? Especially if you have plugins, run simple programs like echo>> , ed, grep or nano.

> In practice the only place it shows up is if you are using "ssh -X". That uses the security extension by default. Which is why there is also a "ssh -Y" that disables it for applications that it breaks.

Unless your distro changes the default to make "ssh -X" and "ssh -Y" behave the same which popular distributions do.

> that is what the X developers did with Wayland

This is rather incomplete. For instance, gtk devs already threw out tons of old code in GTK4. Wayland also has fewer features than xorg; and there are also fewer choices available. I noticed this with regards to WMs/DEs. I am not even going to issues wayland has with regards to certain video graphics - that's another not mentioned issue here.

You are trying to pick individual cherries.

> This sort of thing is why to fix X11 security you have to give up backwards compatibility and create a new X version.

I don't think so: https://github.com/X11Libre/xserver

Let's have a look in a little while. I myself hope for better and more transparent information at all times. Probably others want better security overall. Would it not be somewhat interesting if wayland were to be abandoned eventually due to having too few useful features compared to xserver?

except Wayland dropped the baby with the bathtub?

for example standardized window management, left as an exercise to the GUI lib and the compositor? and woop woop X11 GUI apps need to be rewritten to support window management on WSL (Wayland based) and the network reconnect on hybernate also broke.

But at least Games are faster, aren't they...

> Seems like mostly authored by Claude too.

This is a problem in many projects now. xserver and mruby for instance also succumbed to claude. It seems claude is the ultimate virus. It leaks into almost every project now. So I am not sure it can be used as differentiating criterium here merely for being claude AI slop. I've noticed a lot of documentation is now totally useless though; claude slop is just unreadable to me. It's like a person who is not able to think, wrote the documentation. I did not have this issue back when real humans wrote documentation, even though high quality documentation was always rare anyway. But, for instance, Jeremy Evans in his projects tends to write high-quality documentation in general, and I can understand it fine, whereas if you look at matz spinel, I have no idea what the AI slop in the README is really trying to convey. Or on ffmpeg, a german dev used AI slop to try to create some proposal, and someone else pointed out that this is pointless and impossible to read and understand, yet the original guy did not understand why real people don't want to be AI slop spammed. It's very strange.