Re: [MeeGo-dev] Alt. window managers for MeeGo UX

[Ryan Ware]

On 5/12/11 7:26 AM, "Clark, Joel"  wrote:

>We have reports on the IVI systems that new MeeGo UX apps run
>dramatically slower on matchbox with the EMGD powerVR graphics than they
>do with mcompositor with the same graphics. Since we were switching from
>matchbox to compositor we did not investigate.
>
>Regards
>Joel
>
>On May 12, 2011, at 7:16 AM, "Gabriel M. Beddingfield"
> wrote:
>
>> 
>> 
>> On Thu, 12 May 2011, Michael Leibowitz wrote:
>> 
 Thanks!  Are you using just the window manager... or the
 whole desktop environment.
 
 I'm hoping to use the Tablet UX (meego-ux-daemon) with a
 different WM.
>>> 
>>> I use the whole desktop-- but I run meego-ux-daemon at the same time.
>>> I'm not exactly sure what you're trying to do, but It works for me.
>> 
>> Thanks again!  I'm literally looking for a stable WM that I
>> can use as a drop-in replacement.  (E.g. what have people
>> tried, and is there any special relationships between
>> meego-ux-daemon and mcompositor.)
>> 
>> I need to support a couple of stable, established,
>> Xlib-style applications and mcompositor doesn't handle them
>> right.  (menus don't render, modal dialogs don't appear,
>> some dialogs cause the entire X server to lock up requiring
>> a reboot)  I've been trying to debug mcompositor's issue,
>> but I think I may need to cut bait and move on (if
>> possible).
>> 
>> -gabriel

For MeeGo 1.1 systems, there is a zypper pattern for XFCE Desktop.  This
pattern no longer exists in Trunk or 1.2.

Besides Auke's home directory, I also have a home:rrware:xfce48 sandbox if
your adventurous.

Ryan


___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] MSSF manifests in RPM

[Ryan Ware]

On 5/2/11 7:12 AM, "Alberto Mardegan"  wrote:

>(moving thread to meego-architecture)
>
>On 05/02/2011 04:53 PM, Arjan van de Ven wrote:
>> On 5/2/2011 5:39 AM, Alberto Mardegan wrote:
>>> Hi all,
>>> what is the current state of MSSF manifest files in MeeGo?
>>
>> the current state is that MSSF is not part of, or integrated into,
>>MeeGo... and
>> won't be.

To be explicit, portions of MSSF were incorporated into the
devel:security:mssf sandbox in OBS.  However, a complete solution never
made it into MeeGo and MeeGo will not be using MSSF as a future solution.
We will be using different Linux technologies to support many of the same
security goals.

>Mmm... but I think we all agree that a security framework is needed. What
>will 
>it be, then?

We will have a broader security framework.  There have been discussions on
different aspects of it on the meego-security-discussion mail list.  A
final framework should be published by the end of May.

>In your mail from March 7th, you announced that the long term focus for
>the 
>MeeGo security would be end-user privacy. To me, that also means having
>the 
>means for a process which "owns" some of the user data to establish the
>identity 
>of another process which requests access to the said data. IMHO, this is
>something that MSSF is doing very well in Harmattan, so I hope that this
>possibility will also come to MeeGo.

Having this ability is not unique to MSSF.  There are other Linux
technologies that are applicable to this.

>Without this, you basically cannot give different access rights to
>applications 
>which are coming from a trusted origin (such as the device manufacturer
>or an 
>approved application store) and applications coming from the community.

As I said above, there are other Linux technologies to do this.  For
example, Android does this via uid/gid separation.  I think that is
inadequate in and of itself, but am using it simply to illustrate the
point.  

Ryan

>Ciao,
>   Alberto
>
>-- 
>http://blog.mardy.it <-- geek in un lingua international!
>___
>MeeGo-dev mailing list
>MeeGo-dev@meego.com
>http://lists.meego.com/listinfo/meego-dev
>http://wiki.meego.com/Mailing_list_guidelines


___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] Meego Bugs Access Denied

[Ryan Ware]

> -Original Message-
> From: meego-dev-boun...@meego.com [mailto:meego-dev-boun...@meego.com] On
> Behalf Of Marius Vollmer
> Sent: Thursday, March 31, 2011 12:08 AM
> To: ext eric.le-r...@nokia.com
> Cc: meego-dev@meego.com
> Subject: Re: [MeeGo-dev] Meego Bugs Access Denied
> 
> "ext eric.le-r...@nokia.com"  writes:
> 
> > Indeed, file a request so we make the warning more user friendly,
> > thanks.
> 
> Can't you just do it without having a request filed?

These things need to be tracked.  Please file a request.

Ryan

___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] Using meego-dev for the Accounts & SSO project

[Ryan Ware]

On 03/25/2011 12:33 AM, Michael Przybilski wrote:
Since the code is in gitorious and also the bug-fixes have been done 
in the MeeGo bugzilla, I think it only makes sense to also have the 
discussions in public. That said, I'd suggest that it might be better 
to have this in the MeeGo-security ml instead.


If the group feels that MeeGo-Security-Discussion is a better place for 
this, I don't have a problem with it.  That said, continuing to have 
these discussions on an internal only mail list is problematic.  It does 
not allow us to discuss the shortcomings and issues with the current 
Accounts & SSO solution with the people that are developing it.


I think it's pretty simple.  If the relevant stakeholders want to 
continue having their discussions on a private mail list, their solution 
will become less and less relevant to MeeGo.


Ryan

___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] Using meego-dev for the Accounts & SSO project

[Ryan Ware]

On 03/25/2011 12:52 AM, Rob Staudinger wrote:

On Fri, 2011-03-25 at 09:10 +0200, Alberto Mardegan wrote:

Hi all,
I'd like to hear your comments about the possibility of moving the
development team discussions from an internal (and not public) Nokia mailing
list to meego-dev.
I would estimate the traffic to be from 1 to 5 messages per day (with some
occasional spikes, of course) and being mostly consisting of patches and review
comments.

I would encourage you to do patch review in bugzilla primarily, and tie
in the mailing list only if there's need to. Yes, I'm aware that the
contribution guidelines say that a patch needs to go onto the ML first.


I'd suggest following the contribution guidelines.  They are there for a 
reason.  If we want to change the guidelines, then there's a discussion 
to be had.


Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] [Meego-architecture] Some architecture changes (MSSF / Buteo / PIM storage)

[Ryan Ware]

On Tue, Mar 8, 2011 at 8:35 AM, Arjan van de Ven wrote:

> On 3/8/2011 1:39 AM, Martyn Russell wrote:
>
>> On 08/03/11 06:32, Marius Vollmer wrote:
>>
>>> ext Arjan van de Ven  writes:
>>>
>>>  (we're seeing quite some crashes, which worries me from a security
 pov)

>>>
>>> In my experience, these crashes happen mostly in the various extractor
>>> modules, which try to parse as many obscure file formats as possible,
>>> sometimes with quationable code.  This task is done in separate
>>> processes (with as few capabilities as possible, ideally), to protect
>>> the rest of the system from them.
>>>
>>
>> Just to add to Marius' comments here:
>>
>> Yes, he is 100% right. From very early on, we decided to design the
>> extractor as a separate process because we often see crashes with rogue
>> files pushed through the mill crashing for different reasons. I should
>> emphasis at this point, this is rarely tracker-extract's fault, but more
>> commonly the libraries we depend on crashing with interesting files. We've
>> seen this with GStreamer, libjpeg, libtiff, poppler, etc.
>>
>
> kinda scary... we need to pay close attention to these.


We need to pay *extremely* close attention to these.  These types of
failures are indicative of buffer handling errors.   If we aren't handling
these buffers correctly (for whatever reason), then we *will* have security
issues.  Be it tracker-extract's fault or one of it's dependent libraries,
these behaviors are not acceptable in MeeGo.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] CDSA

[Ryan Ware]

From:  Praveen Gupta 
Date:  Thu, 24 Feb 2011 13:43:58 -0800
To:  , 
Subject:  [MeeGo-dev] CDSA


>Hello,
> 
>Does Meego has any plans to support CDSA security framework ?
> 
>Thx, -Praveen

We don't currently have any feature requests to support CDSA.

Ryan


> 


___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] not authorized to access bug

[Ryan Ware]

On 2/28/11 9:58 AM, "Antti Kaijanmäki" 
wrote:

>Hello,
>
>I was looking through curl changelog in MeeGo trunk and came across this
>entry:
>
>* Mon Nov 15 2010 Martin Xu  - 7.21.2
>- upgrade to 7.21.2 to fix BMC #9292
>
>
>I then tried to access https://bugs.meego.com/show_bug.cgi?id=9292 but
>all I got was a unfriendly notification "You are not authorized to
>access bug #9292". Why is that bug not accessible even though the bug
>has been fixed three months ago? And why is it restricted in the first
>place? A security vulnerability procedure, perhaps?
>

Sorry.  You should have access now.

The policy is that security bugs are closed while MeeGo is still
vulnerable to them.  Once a fix is released and available in the update
repos, the policy is to remove all restrictions on the bug to make it
publicly accessible.

Ryan


___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

Re: [MeeGo-dev] Pulseaudio issue

[Ryan Ware]

On Feb 15, 2011, at 5:45 AM, Gabriel M. Beddingfield wrote:

> On Monday, February 14, 2011 11:40:03 pm 백진욱 wrote:
>> Hi,
>> I have following problem with pulseaudio in meego handset
>> 1.1.90.
> 
> The devs have been asking that you file a bug, even for 
> bleeding-edge 'trunk' issues like this.

Please!  If you don't file a bug at http://bugs.meego.com, the issue might fall 
off the radar.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines

[MeeGo-dev] MeeGo Security Architecture

[Ryan Ware]

I wanted to let everyone on this list know that the initial revision of
the MeeGo Security Architecture has been published in the MeeGo wiki here:
http://wiki.meego.com/Security/Architecture

I know many of you will consider this long overdue.  To those I apologize.
 

I also want to publicly recognize Elena Reshetova, Janne Karhunen and
Casey Schaufler for their innumerable contributions.

Please direct any questions or concerns you may have to the
meego-security-discuss...@meego.com list.  While the security architecture
touches on many different aspects of MeeGo (hence the reason for the broad
distribution list), I want to ensure the discussion is centralized in one
place and we aren't cross-posting across numerous lists.

In the coming days I will also be expanding the wiki security page to
point to other aspects of MeeGo security.

Thanks,

Ryan Ware
MeeGo Security Lead


___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] build.meego.com Down

[Ryan Ware]

Server is back up.

Ryan

On Jan 24, 2011, at 1:00 PM, Ryan Ware wrote:

> All,
> 
> As some of you may be aware, build.meego.com is down at the moment.  We've 
> had a glitch with the hardware there and Adam is diligently working to 
> resolve the issue.  We will give you more information as we get it.  I'd ask 
> not to contact Adam directly about it and let him work on getting things back 
> up.
> 
> Ryan
> ___
> MeeGo-dev mailing list
> MeeGo-dev@meego.com
> http://lists.meego.com/listinfo/meego-dev

___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

[MeeGo-dev] build.meego.com Down

[Ryan Ware]

All,

As some of you may be aware, build.meego.com is down at the moment.  We've had 
a glitch with the hardware there and Adam is diligently working to resolve the 
issue.  We will give you more information as we get it.  I'd ask not to contact 
Adam directly about it and let him work on getting things back up.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] [MeeGo-SDK] [Security part of the meego1.1]

[Ryan Ware]

On Jan 18, 2011, at 5:23 PM, yfengying wrote:

> Hi All:
>  
> in meego1.0 release, security is not a part of it, so I want to know does 
> security is part of meego1.1,
>  
> in the rpm list of meego1.1, i not found any rpms which group name is 
> "Security",
>  
> if it has, i want to know how can i get them or their names?

MeeGo 1.1 includes standard Linux security solutions.  MeeGo 1.2 will include a 
full security framework.  There is more information on what will be included in 
1.2 here 
(http://conference2010.meego.com/session/mobile-simplified-security-framework-overview).

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] ospm

[Ryan Ware]

| the ospm package in MeeGo needs to be deleted entirely, it serves no
useful
| purpose.

Has it been nominated for removal?

Ryan

___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Is MeeGo a Google product?

[Ryan Ware]

On 12/26/2010 01:34 PM, Robinson Tryon wrote:

On Sun, Dec 26, 2010 at 9:03 AM, Arjan van de Ven  wrote:

On 12/25/2010 8:34 PM, Gaveen Prabhasara wrote:

On Sat, Dec 25, 2010 at 5:18 PM, Thiago Macieirawrote:

On Saturday, 25 de December de 2010 07:10:59 sajeev.manikk...@nokia.com
wrote:

Hi,

Can't Google Chrome be out of MeeGo distribution? I mean make it
available
as a seperate downloadable on top of MeeGo distribution. So that no
special
mention and projection of it required.

Yes, that's a reasonable way to resolve these two issues.


We can. There is a netbook build without Chrome.

The big issue here is not that we have a build with Chrome. The big
issues are that the *default* build we're promoting on the *front
page* of the (FOSS) MeeGo project
(1) Includes a non-Free browser, and
(2) Has the word "Google" all over the download links/surrounding text.


Ummm... Looking down the right hand side of http://www.meego.com, I see:

* MeeGo v1.1 SDK
* MeeGo v1.1 Core Software Platform
* MeeGo v1.1 for Handset
* MeeGo v1.1 for Netbooks (FYI, this only has Chromium, not Chrome.)
* MeeGo v1.1 for In-Vehicle Infotainment (IVI)
* MeeGo v1.1 for Netbooks (Google Chrome Browser)

Not only is Chrome not a "default" but the netbook image with Chrome is 
the last thing listed on the page.



But that doesn't help with having a nice browser by default.

What about Firefox? They were co-operative as much as to
have a separate Maemo version. So is there any specific
reason why it's been overlooked in favour or Chrome?

To be very blunt... Firefox isn't nearly as good a browser as Chrome or
Chromium.

First, what's so bad about Firefox?

Second, even if Firefox isn't as good as Chrome or Chromium, then why
are we bundling-in Chrome and not just Chromium? If we were to use
Chromium by default, then
(1) We'd have a FaiF browser, and
(2) We wouldn't have to display Google's name in such a visible manner
for EULA notices.

We *are* using Chromium by default.  Go download the image and check for 
yourself.


And for what it's worth, there's nothing that prevents you from using 
Firefox on MeeGo if that is your preferred browser.  If you feel 
strongly enough to make the change, then getting it from Mozilla's site 
shouldn't be that much heartburn.


Ryan

What do people think about using Chromium by default?

--R
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev



___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Using "meego" or similar in packages and distro names

[Ryan Ware]

On Dec 14, 2010, at 8:50 AM, Arjan van de Ven wrote:

> On 12/14/2010 8:47 AM, Julian Andres Klode wrote:
>> On Di, 2010-12-14 at 08:35 -0800, Arjan van de Ven wrote:
>>> On 12/14/2010 7:57 AM, quim@nokia.com wrote:
 Hi, let's see if we can move into specific details to find and fix 
 whatever is problematic in this discussion about using anything close to 
 "meego" in packages and distro names.
>>> 
>>> Can that discussion *PLEASE* move away from the development list and
>>> onto the community list?
>>> That's where it belongs since it has NOTHING to do with the development
>>> of MeeGo itself.
>> So, you think that the names of packages are not important for the
>> development? I don't see how package names belong to the "Community
>> Building and Infrastructure" topic (and I'm not subscribed there).
> 
> the whole compliance and naming *discussion* has nothing to do with MeeGo 
> distro development, no.
> 
> if there is a final conclusion and the TSG makes a decision... it might make 
> sense to let this list know about that.
> but the discussion is very offtopic for this list.


I completely agree with this assessment.  This discussion is completely off 
topic here.

Ryan 
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Meego Bugs Access Denied

[Ryan Ware]

On Mon, Nov 1, 2010 at 10:51 AM, Jeremiah Foster <
jeremiah.fos...@pelagicore.com> wrote:

>
> ...snip...
>
> My understanding with most Open Source projects is that bugs would never be
> hidden - the current policy, even if it applies to just one hardware vendor,
> seems to be in direct contradiction to the Linux Foundation claims to
> openness. I'd like to point out that the Linux Foundation bylaws state;
>  "The purposes of this corporation include promoting, protecting, and
> standardizing Linux and open source software."
>

Then your understanding is incorrect.  As I've previously explained the vast
majority (if not all) highly visible open source projects keep security
issues closed until they are resolved.

That said, there is no reason I see that this particular bug should have
been anything but open.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Meego Bugs Access Denied

[Ryan Ware]

On Thu, Oct 28, 2010 at 12:37 PM, Warren Baird
wrote:

> On Thu, Oct 28, 2010 at 2:17 PM, Ryan Ware  wrote:
> >
> >
> > There are a number of bugs in the MeeGo Bugzilla that are restricted
> > specifically to the security group.
>
> I suspect everyone understands the need to limit access to security
> bugs - I certainly do.   However, the OP and the immediate follow up
> made no mention of security issues...
>
> If the only issues with restricted access are security issues, that's
> great - but Eric's follow seems to imply that there are non-security
> bugs that will be restricted, and that we can expect more until some
> non-described problem is sorted out...
>
> If some bugs are being restricted without a good reason - I'd agree
> with Bradley that it's a pretty serious issue.
>
>
>
Thanks for the understanding on security issues.  I know that this
discussion wasn't really kicked off because of a bug with security concerns,
but I wanted to put my position on that out to the community because it was
subsequently brought up.  I also agree that if there is not a good reason
that is broadly accepted by the community as to why a bug or class of bugs
is closed to the community, there is a significant issue that needs to be
addressed.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Meego Bugs Access Denied

[Ryan Ware]

On Thu, Oct 28, 2010 at 6:18 AM, Thiago Macieira  wrote:

> On Thursday, 28 de October de 2010 05:44:09 Bradley Smith wrote:
> > You need to be presenting a darn good reason why bugs are not being
> > shown to everyone.
>
> Usually that reason is "security issue" or "customer sensitive
> information".
>
> But like you said, there should be a way to request access for people who
> need
> to know.
>
>
There are a number of bugs in the MeeGo Bugzilla that are restricted
specifically to the security group.  They remain closed to only the security
group, the bug submitter and the cc list until a fix for the security issue
is available.  Once a fix is available, the bug is made public.  The reason
for this is that until a fix is in place, the bug is essentially a map on
how to exploit a MeeGo system.  We also have commitments to keep certain
bugs embargoed until a fix is available for the majority of Linux
distributions.

While I strongly appreciate the need for access of information in an open
project like this (and I try to error on the side of the community), this is
also best practices as followed by all the leading Linux distributions.

If anyone here feels that they need access to a specific security related
bug, please send me an email and I will evaluate and see what we can do.

Thanks,

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Meego Image Creation.

[Ryan Ware]

On Tue, Oct 26, 2010 at 5:03 AM, Porwar, Surendra  wrote:

>  Hi All,
>
>
>
> I am using ubuntu 10.04LTS and when I tried installing MIC following the
> steps mentioned in http://wiki.meego.com/Image_Creation
>
>
>
> Also in step 2 upon NO_PUBKEY 0BC7BEC479FC1F8A error the first command
> needs to be modified from
>
> gpg --keyserver subkeys.pgp.net --recv 0BC7BEC479FC1F8A
>
> to
>
> gpg --keyserver subkeys.pgp.net –recv-keys 0BC7BEC479FC1F8A
>
>
>
And I don't think this is an error.  "--recv" works just fine, although
yours is what's in the documentation.

Ryan

>
>
> Step 3 under installation steps for ubuntu 9.10,10.04  which is sudo
> apt-get install syslinux=3.85 is failing.
>
>
>
> Also on ubuntu 10.04 LTS the default syslinux version is
> 2:3.63-dfsg-2ubuntu3. I tried installing syslinux 4.03 but still while
> running  sudo apt-get install mic2 I get the error:
>
>
>
> Mic2: Depends: syslinux(>=2:3.82) but it is 2:3.63-dfsg-2ubuntu3 going to
> be installed
>
>
>
> How should I get this working?
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Suren
>
>
>
>
>
> ___
> MeeGo-dev mailing list
> MeeGo-dev@meego.com
> http://lists.meego.com/listinfo/meego-dev
>
>
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] meego security

[Ryan Ware]

For 1.1, we still have basic, Linux security functionality in place.
 Features of the security framework will start showing up in MeeGo 1.2.  If
you would like a closer look at what currently exists, you can take a look
here: http://meego.gitorious.org/meego-platform-security

Ryan

On Fri, Oct 22, 2010 at 4:23 AM, praveen pandey wrote:

> Hi,
>
> Can anyone elaborate about
> - What all Security features are going to be supported in Meego 1.1
> release.?
>
> Regards,
> PP
>
> ___
> MeeGo-dev mailing list
> MeeGo-dev@meego.com
> http://lists.meego.com/listinfo/meego-dev
>
>
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Meego Image Creation.

[Ryan Ware]

On Tue, Oct 26, 2010 at 5:03 AM, Porwar, Surendra  wrote:

>  Hi All,
>
>
>
> I am using ubuntu 10.04LTS and when I tried installing MIC following the
> steps mentioned in http://wiki.meego.com/Image_Creation
>
>
>
> Also in step 2 upon NO_PUBKEY 0BC7BEC479FC1F8A error the first command
> needs to be modified from
>
> gpg --keyserver subkeys.pgp.net --recv 0BC7BEC479FC1F8A
>
> to
>
> gpg --keyserver subkeys.pgp.net –recv-keys 0BC7BEC479FC1F8A
>
>
>
>
>
> Step 3 under installation steps for ubuntu 9.10,10.04  which is sudo
> apt-get install syslinux=3.85 is failing.
>
>
>
> Also on ubuntu 10.04 LTS the default syslinux version is
> 2:3.63-dfsg-2ubuntu3. I tried installing syslinux 4.03 but still while
> running  sudo apt-get install mic2 I get the error:
>
>
>
> Mic2: Depends: syslinux(>=2:3.82) but it is 2:3.63-dfsg-2ubuntu3 going to
> be installed
>
>
>
> How should I get this working?
>

Can you file a bug on this Suren in http://bugs.meego.com?

Ryan


>
>
> Thanks.
>
>
>
> Best Regards,
>
> Suren
>
>
>
>
>
> ___
> MeeGo-dev mailing list
> MeeGo-dev@meego.com
> http://lists.meego.com/listinfo/meego-dev
>
>
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Trademark compliance, name usage, etc.

[Ryan Ware]

On 09/23/2010 02:24 PM, Greg KH wrote:
> On Thu, Sep 23, 2010 at 01:59:14PM -0700, Ryan Ware wrote:
>   
>> On 09/23/2010 01:29 PM, Greg KH wrote:
>> 
>>> I don't know what it is these days, as there's only been one release,
>>> and that's the netbook 1.0 one.
>>>
>>>   
>>>   
>> Not to be pedantic about it, but there has also been the Handset Day 1
>> release,
>> 
> Which isn't a "real" release in that it's supported and shipping on any
> devices.
>   
True, but it didn't get out there without any effort.  I also forgot the
IVI release.
>> update 1.0.1, update 1.0.2 and update 1.0.3.
>> 
> All subsets of 1.0 :)
>
>   
I wasn't arguing different, but do consider them releases that we
support.  If not, it would personally save a lot of my time.  ;-)

Ryan
> thanks,
>
> greg 'pedantics-r-us' k-h
>
>   

___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Review board for MeeGo

[Ryan Ware]

On 09/18/2010 08:50 AM, Felipe Contreras wrote:
> And I don't like either. I suggest mailing lists for code review, just
> like many successful and dynamic projects do (linux, qemu, ffmpeg,
> vlc):
> http://felipec.wordpress.com/2010/01/19/why-bugzilla-sucks-for-handling-patches/
>   
Sorry for the delayed response, but I completely agree with this for a
number of reasons.  We have to keep in mind that much of the development
actually needs to go upstream.  The vast majority of the code in MeeGo
comes directly from upstream.  Yes, we do have some patches and other
items that _are_ MeeGo specific, but that needs to be the very
infrequent exception and not the rule.

In the cases which do readily exist for code submissions directly into
MeeGo, the mail list format works exceedingly well.  It has worked for
large, dynamic projects for a long period of time and has a track record
that can be predicted and relied upon.  No, it's not perfect, but as the
person responsible for ensuring security defects are corrected in a
timely and responsive manner, I think the track record shows that mail
lists find a large percentage of the issues while the other tools
mentioned in this thread don't have a similar extensive track record.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Trademark compliance, name usage, etc.

[Ryan Ware]

On 09/23/2010 01:29 PM, Greg KH wrote:
> I don't know what it is these days, as there's only been one release,
> and that's the netbook 1.0 one.
>
>   
Not to be pedantic about it, but there has also been the Handset Day 1
release, update 1.0.1, update 1.0.2 and update 1.0.3.

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

[MeeGo-dev] [announce] MeeGo Security Discussion List

[Ryan Ware]

All,

Like Arjan did for the kernel mail list, I would like to announce the
creation/existence of the MeeGo Security Discussion list and would like
to invite any and all who are interested in various parts of MeeGo
security (generic OS configuration, security framework, infrastructure
security, etc.)

The mailman interface for this list is at
http://lists.meego.com/listinfo/meego-security-discussion

If you have any questions/concerns, please feel free to voice them here
or email me directly.  As always, if you feel you have found a security
issue with meego, please report it to secur...@meego.com.

Thanks,

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] non SSSE3 MeeGo

[Ryan Ware]

On 08/12/2010 06:42 AM, David Greaves wrote:

On 12/08/10 00:06, martin brook wrote:
   

Hi,

After a lively discussion on #meego
(http://mg.pov.lt/meego-irclog/%23meego.2010-08-11.log.html from 21:17)
I have created a wiki page to further community developmet of a non
SSSE3 Meego build.

http://wiki.meego.com/Devices/nonSSSE3

If you can help in any way or have any comments please add your meego
nick to the wiki with details or catch up with us in #meego
 

And I've been collecting comments - not all of which are mine and not all of
which stand up to scrutiny - but which I think *do* reflect a lot of opinions
and general 'buzz'.

http://mer-l-in.blogspot.com/2010/08/are-intel-subverting-meegocom.html

   

David,

Seeing your post is a bit disconcerting.  I would completely disagree 
that there are problems on non-Atom hardware.  The specific problem is 
that a Core 2 or newer is needed.  Yes, that still does leave a lot of 
older hardware out in the cold since they do not support SSE3.  It does 
however, include a lot of hardware that is out there.  It did start 
selling in July of 2006.


I understand that you say some of the points on the blog post don't 
stand up to scrutiny, but it would be really helpful if you pointed out 
which ones didn't.


BTW, this is being sent from a Lenovo T400 running MeeGo which 
definitely doesn't use an Atom.


Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] MeeGo 1.0 Update for Netbooks

[Ryan Ware]

On 08/10/2010 08:52 AM, Arjan van de Ven wrote:

On 8/10/2010 2:04 AM, Glen Gray wrote:
   

Process question,

Are the rollup releases planned to happen on a fixed time basis or is a 
decision made to release a rollup when a certain number criteria are met, be 
that the number of critical bugs fixed or the  number of minor bugs fixed etc.


 

currently we're trying to do these once a month.
not ruling out that we'll skip a month if there's not a lot of content..

   
We may also do a security update out of band of this monthly cadence in 
the case of a critical security update.


Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] repo.meego.com down?

[Ryan Ware]

On 07/20/2010 11:08 PM, fathi.bou...@nokia.com wrote:

http://mirrors.kernel.org/meego/

It doesn't contain tools.
   

I think it actually does: http://mirrors.kernel.org/meego/tools/repos/

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Yum problems

[Ryan Ware]

On 07/10/2010 10:33 AM, Michel Alexandre Salim wrote:

On Mon, Jun 7, 2010 at 11:14 AM, Patrick Ohly  wrote:
   

On Mon, 2010-06-07 at 09:16 +0100, Barry Mavin wrote:
 

I have resolved this issue.

FYI this is related to using a wifi connection that is NATed to use
192.169.1.x subnet from a wifi router.

When another subnet is used e.g. 192.168.3.x them it works.
   

I'm not convinced that this is really the root cause.

I had the same issue. In my case, editing /etc/resolv.conf to use my DSL
provider's DNS servers directly solved the problem. I have to do that on
all machines at home because my router's DNS proxy is bogus and at some
point stops working properly.

 

Has this been filed as a bug? I was just hit by the same problem today
-- and intriguingly, ping works just fine, as does curl's command line
tool. It's just yum that cannot download MeeGo's repodata.xml.

My home router is not the best (Vodafone EasyBox) but my other Linux
systems have no problems with it.

Regards,

   
My system at home is set up exactly this way; wireless NAT'ed behind a 
firewall on a 192.168.1.x subnet.  I haven't had any issues with yum.


If in your troubleshooting you believe you've root-caused the issue to a 
MeeGo problem, I recommend filing a bug so we can track and reproduce 
the issue.


Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] MeeGo Packaging Policy : A process proposal

[Ryan Ware]

On 05/21/2010 12:20 PM, Foster, Dawn M wrote:

On May 21, 2010, at 12:06 PM, Elliot Smith wrote:

   

On Fri, 2010-05-21 at 19:11 +0100, Ryan Ware wrote:
 

On 05/20/2010 11:15 PM, Quim Gil wrote:
   

There is a thin line between CMS pages that only some editors can touch
and protected wiki pages that only some editors can touch. Proposal: get
first such page ready in the wiki and then we can discuss case by case
where each one belongs to.

 

I think the line is a bit thicker than you believe.  The problem is that
by default any wiki page can be edited by anyone.  In addition, anyone
can start a _new_ wiki page.  With the CMS, only a few have either the
capability to edit pages or to create entirely new ones and they are
never by default editable by everyone.
   

It is possible to protect pages in the wiki so they're not editable by
just anyone. That doesn't stop someone creating a bogus page which
purports to be official, of course, so that could still be a problem.

 

I just don't see this as being as issue. Several of us monitor all of the wiki 
recent changes, and I'm sure that the documentation team watches their pages. 
We'll catch anything and get it reverted quickly on the off chance that 
something happens. The community collaboration and ease of use / updating on 
the wiki outweighs any potential security risk.

   
I monitor all of those as well via the RSS feed.  If catching something 
and reverting it going to be the plan of record, so be it.  Please 
document that as the POR somewhere.  For the record, I'm against it as I 
believe it to be an unwarranted security risk.  On to other concerns.


Ryan



smime.p7s
Description: S/MIME Cryptographic Signature
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] MeeGo Packaging Policy : A process proposal

[Ryan Ware]

On 05/20/2010 11:15 PM, Quim Gil wrote:

There is a thin line between CMS pages that only some editors can touch
and protected wiki pages that only some editors can touch. Proposal: get
first such page ready in the wiki and then we can discuss case by case
where each one belongs to.
   


I think the line is a bit thicker than you believe.  The problem is that 
by default any wiki page can be edited by anyone.  In addition, anyone 
can start a _new_ wiki page.  With the CMS, only a few have either the 
capability to edit pages or to create entirely new ones and they are 
never by default editable by everyone.


I'd also hate to see us having to decide in an ongoing effort on a page 
by page basis if it should end up in the CMS or the wiki.


Don't get me wrong.  The wiki is a great tool and using it go communally 
create policy content is the perfectly correct approach since that is 
the best collaboration tool we have.  However, things that will be 
mostly static over time (like policies and security advisories) need a 
different home.


Ryan



smime.p7s
Description: S/MIME Cryptographic Signature
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] Meego Market?

[Ryan Ware]

On 03/29/2010 12:28 PM, Warren Baird wrote:

On Mon, Mar 29, 2010 at 6:39 AM, David Greaves  wrote:

   

The barrier to entry in the community is very low. A criminal
(individual or organisation) who have identified Meego as worth
targetting because they've heard the announcements about using the phone
for 'money transactions' may already be amongst us and contributing good
code.
 

I think an important point to consider here is more than just
'criminals', it's "legitimate" people who might want access to data
you don't want to share to them.

   


"Criminals", "legitimate", illegitimate, un-legitimate and 
non-legitimate.  Ensuring the integrity of MeeGo packages as well as the 
inputs to those packages is something at the forefront of our minds.


Know that it's of concern and has focus and we'll be talking more about 
it in the future.  :-)


Ryan



smime.p7s
Description: S/MIME Cryptographic Signature
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev

Re: [MeeGo-dev] what lint tools u guys use when u code for meego

[Ryan Ware]

On 03/17/2010 07:33 PM, 金鑫 wrote:
> I write some clutter applications use clutter and other libs...but
> when i use splint to check the sourcecode...it does not work.so .i
> wonder what lint tools u guys use when u code for meego 

What specific problems are you having with splint?

Ryan
___
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev