[maemo-developers] [maemo-developers] IMPORTANT: vulnerability in Application Manager, please check your repositories

[From: David Weinehall]

On ons, 2006-10-25 at 19:54 +0300, ext David Weinehall wrote:
> On ons, 2006-10-25 at 09:39 -0700, ext George Farris wrote:
> > On Wed, 2006-25-10 at 18:57 +0300, David Weinehall wrote:
> > > Most of the quirks have been twisted out now;
> > > it's almost functional, and our legal department is checking it at the
> > > moment.
> > 
> > This has got to be the saddest statement of our society, the fact that
> > the legal department has to check on it.  A simple alarm function, for
> > the love of god that sucks.  "Yup we want to release a new clock but we
> > have to check with the Lawyers first".  "Oh yeah we realize the clock
> > has been around for hundreds of years but.."
> 
> It's quite a lot more than that.  It's not only an alarm function, but
> an entire event management framework.

Oh, and I should add that the legal check is a routine done for all new
components that we intend to open source.  Not everything legal has to
do with patents you know...  The legal department makes sure there's no
mentions of documentation we might have under NDA's, mentions of
unreleased products, that all files contain proper copyright headers,
license headers, that we use suitable licenses (to avoid incompatible
license mixing), make sure there is no leaks of source code that isn't
intended for release, etc.

Some of these checks are stuff that everyone should do anyway; it's
stuff that's routine check when creating any Debian package (the DFSG
checks, etc).

But of course in the corporate world everything needs to have a paper
trail (well, it might be a digital trail these days, I'm not sure -- I'm
not working for the legal department...), so everything takes a lot
longer than in an open source project.  There's also the need for proper
maintenance plans etc.


Regards: David