On Thursday, September 06, 2012 04:00:25 PM Michael Hall wrote:
> Most of the conversation on the previous thread has been about package
> isolation, but I wanted to make sure the other topics in the spec were
> also being discussed.
>
> One of our primary goals was to eliminate every bottleneck we could. To
> that end we detailed a series of restrictions, sandboxing and automated
> checks that would allow us to trust that these applications could not do
> any accidental harm to the user or the user's system. Human
> intervention has always become a bottleneck, as man-hours are one
> resource we can't scale up as the need arises, so removing that from the
> process has been a key driver for this spec.
>
> Besides package isolation, the other important method for protecting our
> users is with the mandatory use of an AppArmor profile. We, together
> with the security team, have identified what additional work needs to be
> done to provide a trustworthy sandbox for applications, and ways of
> informing the user about what access those applications will need.
> Furthermore the AppArmor profile itself will be generated on our
> servers (MyApps) based on the developer's input, and incorporated into
> their package automatically. This assures us that the profile is both
> correctly made and correctly installed, without the developer having to
> learn how to do it.
>
> The only part of the spec that still uses a human review is in verifying
> the identity of the user (through some process yet to be determined).
> This is important because, as I mentioned above, the other parts of the
> spec are only intended to prevent accidental harm, not intentionally
> malicious code. We believe that verifying the identity of the uploader,
> so that it is not an anonymous relationship between the uploader and
> Ubuntu, should prevent intentional abuse on their part. If there is a
> case of intentional abuse, we would be able to remove that app and
> prevent the submitter from using the system again.

Those parts of the spec seemed reasonable to me. You'll have a hard time
automating review of copyright/licensing information though. Is there a
plan for that?

Scott K

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel