[MeeGo-dev] MSSF manifests in RPM
Hi all, what is the current state of MSSF manifest files in MeeGo? In Maemo Harmattan, they are located under the debian/ directory and there are special build rules to add the to the package. What about RPMs? I had a look at the rpm repository [0] (part of the MSSF) and it seems that there is a %mssf directive one can specify in the .spec files, but I cannot find any documentation or examples for it. Last but not last, did MSSF v2 make its way into MeeGo 1.2? Ciao, Alberto [0] https://meego.gitorious.org/meego-platform-security/rpm -- http://blog.mardy.it -- geek in un lingua international! ___ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines
Re: [MeeGo-dev] MSSF manifests in RPM
On 5/2/2011 5:39 AM, Alberto Mardegan wrote: Hi all, what is the current state of MSSF manifest files in MeeGo? the current state is that MSSF is not part of, or integrated into, MeeGo... and won't be. ___ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines
Re: [MeeGo-dev] MSSF manifests in RPM
(moving thread to meego-architecture) On 05/02/2011 04:53 PM, Arjan van de Ven wrote: On 5/2/2011 5:39 AM, Alberto Mardegan wrote: Hi all, what is the current state of MSSF manifest files in MeeGo? the current state is that MSSF is not part of, or integrated into, MeeGo... and won't be. Mmm... but I think we all agree that a security framework is needed. What will it be, then? In your mail from March 7th, you announced that the long term focus for the MeeGo security would be end-user privacy. To me, that also means having the means for a process which owns some of the user data to establish the identity of another process which requests access to the said data. IMHO, this is something that MSSF is doing very well in Harmattan, so I hope that this possibility will also come to MeeGo. Without this, you basically cannot give different access rights to applications which are coming from a trusted origin (such as the device manufacturer or an approved application store) and applications coming from the community. Ciao, Alberto -- http://blog.mardy.it -- geek in un lingua international! ___ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines
Re: [MeeGo-dev] MSSF manifests in RPM
On 5/2/11 7:12 AM, Alberto Mardegan ma...@users.sourceforge.net wrote: (moving thread to meego-architecture) On 05/02/2011 04:53 PM, Arjan van de Ven wrote: On 5/2/2011 5:39 AM, Alberto Mardegan wrote: Hi all, what is the current state of MSSF manifest files in MeeGo? the current state is that MSSF is not part of, or integrated into, MeeGo... and won't be. To be explicit, portions of MSSF were incorporated into the devel:security:mssf sandbox in OBS. However, a complete solution never made it into MeeGo and MeeGo will not be using MSSF as a future solution. We will be using different Linux technologies to support many of the same security goals. Mmm... but I think we all agree that a security framework is needed. What will it be, then? We will have a broader security framework. There have been discussions on different aspects of it on the meego-security-discussion mail list. A final framework should be published by the end of May. In your mail from March 7th, you announced that the long term focus for the MeeGo security would be end-user privacy. To me, that also means having the means for a process which owns some of the user data to establish the identity of another process which requests access to the said data. IMHO, this is something that MSSF is doing very well in Harmattan, so I hope that this possibility will also come to MeeGo. Having this ability is not unique to MSSF. There are other Linux technologies that are applicable to this. Without this, you basically cannot give different access rights to applications which are coming from a trusted origin (such as the device manufacturer or an approved application store) and applications coming from the community. As I said above, there are other Linux technologies to do this. For example, Android does this via uid/gid separation. I think that is inadequate in and of itself, but am using it simply to illustrate the point. Ryan Ciao, Alberto -- http://blog.mardy.it -- geek in un lingua international! ___ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines ___ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines