Em Quarta-feira 08 Setembro 2010, às 14:03:55, Marius Vollmer escreveu: > ext Thiago Macieira <thi...@kde.org> writes: > > The repository-installation instructions must not be activatable by a > > simple browser. A dedicated application should be required. So no > > "click here to add my repo" webpages. > > I don't know, would be nice to allow this, if we can make it safe. > > > Otherwise, this could open up security risks that foreign repositories > > are added and start overriding core packages. > > The security framework in Harmattan (which I think is coming to MeeGo, > too), can help here: It remembers the 'origin' of a package, and only > allows updates to it from the same origin.
Then I propose we do that when we have safety measures, not sooner. That means MeeGo 1.1 should not have it. We're past feature freeze and I am still clueless about what the Harmattan Security Framework is. (And I work for Nokia) -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Senior Product Manager - Nokia, Qt Development Frameworks PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev