Most of the conversation on the previous thread has been about package
isolation, but I wanted to make sure the other topics in the spec were
also being discussed.

One of our primary goals was to eliminate every bottleneck we could.  To
that end we detailed a series of restrictions, sandboxing and automated
checks that would allow us to trust that these applications could not do
any accidental harm to the user or the user's system.  Human
intervention has always become a bottleneck, as man-hours are one
resource we can't scale up as the need arises, so removing that from the
process has been a key driver for this spec.

Besides package isolation, the other important method for protecting our
users is with the mandatory use of an AppArmor profile.  We, together
with the security team, have identified what additional work needs to be
done to provide a trustworthy sandbox for applications, and ways of
informing the user about what access those applications will need.
Furthermore, the AppArmor profile itself will be generated on our
servers (MyApps) based on the developer's input, and incorporated into
their package automatically.  This assures us that the profile is both
correctly made and correctly installed, without the developer having to
learn how to do it.

The only part of the spec that still uses a human review is in verifying
the identity of the user (through some process yet to be determined).
This is important because, as I mentioned above, the other parts of the
spec are only intended to prevent accidental harm, not intentionally
malicious code. We believe that verifying the identity of the uploader,
so that it is not an anonymous relationship between the uploader and
Ubuntu, should prevent intentional abuse on their part.  If there is a
case of intentional abuse, we would be able to remove that app and
prevent the submitter from using the system again.

-- 
Michael Hall
mhall...@ubuntu.com

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
