I believe that as far as trust prompts go, we've resolved that they should ultimately never talk to the default Mir socket, which is the only case when they get a splash screen. The backends should open a trust session, even if it's not going to create any UI in the end (that is, if they require a Mir connection to function, as is the case for Oxide). Until we have the headless-client hints implemented on surfaces, you can open the trusted session with dash's PID or whatever else makes sense.
Jury's still out on whether we want to disable splash screens for some apps, but that is more of a UX question than a technical one.
Another approach we might consider is dropping the --desktop_file_hint hack (I believe OA is one of the last instances of it) and think of a different way to allow trusted helpers in. We could also say that only UAL-backed apps get splash screens.
I believe that as far as trust prompts go, we've resolved that they should ultimately never talk to the default Mir socket, which is the only case when they get a splash screen. The backends should open a trust session, even if it's not going to create any UI in the end (that is, if they require a Mir connection to function, as is the case for Oxide). Until we have the headless-client hints implemented on surfaces, you can open the trusted session with dash's PID or whatever else makes sense.
Jury's still out on whether we want to disable splash screens for some apps, but that is more of a UX question than a technical one.
Another approach we might consider is dropping the --desktop_file_hint hack (I believe OA is one of the last instances of it) and think of a different way to allow trusted helpers in. We could also say that only UAL-backed apps get splash screens.