On 09/13/2010 01:58 PM, ext Arjan van de Ven wrote: > so here is a catch; if it is part of Extras and "real apps" depend on > it, suddenly "no security updates" is absolutely not an option.
If it's part of Extras then it's not part of the official MeeGo release and the MeeGo project is not committed to provide official security updates. The MeeGo Extras maintainers must commit to a QA process that would include a procedure to handle security issues, but that's all. > if apps can depend on Extras being there, suddenly the OS size for the > device becomes much bigger. Not the amount present at ship time, > but the amount the OEM needs to reserve for the OS... because now that's > no longer as well known or bounded. Valid concern. Not having MeeGo Extras will solve this problem, though? The pressure from users to install more stuff is a clear trend. In a perfect MeeGo world all app developers would be happy with the official API but at least today it's not the case. Technical solutions exist. If a vendor wants to have a well constrained device then he can simply restrict the repositories via Security Framework. Another solution is to run unsupported libraries on the extended memory à la Maemo /opt http://wiki.maemo.org/Documentation/Maemo_5_Developer_Guide/Packaging,_Deploying_and_Distributing/Installing_under_opt_and_MyDocs More solutions? If we agree on the principle we probably will find more ways to tackle the specific problems. -- Quim Gil MeeGo advocate _______________________________________________ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev