[maemo-developers] Re: [maemo-users] 'Locking down' software installation

From: Jonathan Greene atmasphere at atmasphere.net
Date: Thu Feb 15 14:38:15 EET 2007
As a user, I like how this sounds.  I hope it also means that the
Application Manager and user experience will be largely free of having
to add repositories.  This could make finding new applications easier
and more complete than the current process which still requires some
desire to explore and understand the dependency factor.

Is it possible for some of the installs to simply ask for a password -
in the same way that Apple OS X does it?  If you are going to need to
add a file (simple install) it just works, but if the app needs to
write into the system you need to authenticate, which alerts you to the
slightly more intense needs of the installer.


On 2/15/07, Marius Vollmer <marius.vollmer at nokia.com> wrote:
> Hi,
>
> we are planning to put some features into the Application Manager that
> will make it more restrictive when handling the packages that make up
> the operating system itself (as opposed to third party applications).
> We would like to get your feedback on these plans, both from the
> end-user point of view and from the point of view of package
> developers.
>
> In the future, we hope to be able to provide official updates to the
> operating system itself via packages, and we need to give the
> end-users the confidence that when they intend to install a Nokia
> provided operating system update, they actually get what they think
> they are getting.
>
> As for the concrete plan:
>
> There is going to be a 'meta' package that represents the whole
> operating system.  Updates to the OS are done by updating this meta
> package in the Application Manager.  The meta package will have
> dependencies on all packages with their exact versions that make up
> the official OS releases.  The Application Manager will not allow the
> removal of the meta package.
>
> This means that the Application Manager will not allow you to update
> individual OS packages (or to install third party applications that
> require this), since you would have to remove the meta package for
> that.  It is still possible to install additional 'system' packages,
> just not to upgrade already installed ones.
>
> A second new feature is that the Application Manager will distinguish
> between "trusted sources" and "non-trusted sources" (based on the key
> used to sign the corresponding repository).  A package that has
> originally been installed from a trusted source will only be allowed
> to be updated (or replaced) from a trusted source.  The flash image is
> also treated as a trusted source, so you will only be able to update
> packages that are pre-installed in the device from trusted sources.
> This makes it easier for the user to be sure that he doesn't pick up
> unwanted system software updates by accident.
>
> The set of trusted sources will be under control of a power-user: you
> can just add some GPG keys to the right place, but there is no UI to
> do it.  You can also switch the whole lock-down machinery off by going
> to red-pill mode.
>
> So whaddaya think?  Useful?  Too painful?  Too difficult to escape
> from?
>
> Some variants that come to mind:
>
> The meta package could depend on 'this version or later' of a package
> instead of on 'exactly this version'.  That would allow it to control
> the update just as much, but would not lock down the configuration of
> the device so much.  The motivation for this lock-down of the device
> configuration is that Nokia (probably, IANAL) doesn't want to support
> any other configuration, and having to 'hack' your system via the
> red-pill mode or similar is a good indication that you are now on your
> own.
>
> The locked-down upgrade path could support more than one set of
> trusted sources down to the granularity of repositories.  This would
> allow other parties than Nokia to make use of this feature.  That's
> just a smop and might be done.
>
> (And please understand that all this has nothing to do with preventing
> bad software from doing bad things on your device; it is just about
> giving the user an indication that something fishy is happening (by
> accident) that he probably didn't intend to happen.)
>
> Thanks!
>
> _______________________________________________
> maemo-users mailing list
> maemo-users at maemo.org
> https://maemo.org/mailman/listinfo/maemo-users

Jonathan Greene
m 917.560.3000
AIM / iChat - atmasphere
gtalk / jabber - jonathangreene at gmail.com
Gizmo - JonathanGreene
blog - http://www.atmasphere.net/wp
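The two rules Marius describes in the quoted mail (a meta package whose exact-version dependencies cannot be removed, and a trusted/non-trusted distinction keyed on the repository signing key) can be modelled as a small policy check. The following is an added example written for this archive page, not code from the maemo Application Manager or from either poster. Package names, versions, the key IDs "NOKIA-KEY" and "GARAGE-KEY", the meta package name "os-meta" and the pseudo-key for the flash image are all hypothetical, and the code assumes that a dependency an app needs upgraded would be fetched from the same repository as the app. The `exact` switch in `demo()` shows the "this version or later" variant from the mail next to the exact-version one.

```python
"""Toy model of the Application Manager lock-down described in the mail above.

Everything here is constructed for illustration: package names, versions and
key IDs are hypothetical, and this is not the maemo Application Manager's code.
"""
from dataclasses import dataclass, field

FLASH = "flash-image"   # pseudo-key for packages pre-installed from the flash image
META = "os-meta"        # hypothetical name of the meta package representing the OS


def vtuple(v):
    return tuple(int(x) for x in v.split("."))


def satisfies(version, constraint):
    """constraint is ('=', '1.2') or ('>=', '1.2')."""
    op, want = constraint
    if op == "=":
        return vtuple(version) == vtuple(want)
    return vtuple(version) >= vtuple(want)


@dataclass
class Package:
    name: str
    version: str
    depends: dict = field(default_factory=dict)  # name -> (op, version)
    origin: str = FLASH                          # key that signed the source repo


@dataclass
class Manager:
    installed: dict                       # name -> Package
    trusted_keys: set = field(default_factory=set)
    red_pill: bool = False                # switches the whole lock-down off

    def trusted(self, key):
        return key == FLASH or key in self.trusted_keys

    def pins(self):
        """Constraints the installed meta package places on OS packages."""
        meta = self.installed.get(META)
        return dict(meta.depends) if meta else {}

    def check_remove(self, name):
        if self.red_pill:
            return True, "red-pill mode"
        if name == META:
            return False, f"{META} cannot be removed"
        return True, "ok"

    def check_install(self, pkg, repo_key):
        if self.red_pill:
            return True, "red-pill mode"
        current = self.installed.get(pkg.name)
        # Rule 2: a package that came from a trusted source may only be
        # updated or replaced from a trusted source.
        if current and self.trusted(current.origin) and not self.trusted(repo_key):
            return False, f"{pkg.name} is from a trusted source; {repo_key} is not"
        pins = self.pins() if pkg.name != META else {}
        # Rule 1: the meta package's dependencies must stay satisfied, since
        # the meta package itself cannot be removed ...
        if pkg.name in pins and not satisfies(pkg.version, pins[pkg.name]):
            return False, f"{pkg.name} {pkg.version} violates {META} pin {pins[pkg.name]}"
        # ... and a third-party package cannot pull in such an upgrade either.
        for dep, constraint in pkg.depends.items():
            have = self.installed.get(dep)
            if have and not satisfies(have.version, constraint):
                # Assumption: the needed upgrade would come from the same repo.
                ok, why = self.check_install(Package(dep, constraint[1]), repo_key)
                if not ok:
                    return False, f"{pkg.name} needs {dep} {constraint}: {why}"
        return True, "ok"

    def install(self, pkg, repo_key):
        ok, why = self.check_install(pkg, repo_key)
        if ok:
            self.installed[pkg.name] = Package(pkg.name, pkg.version, pkg.depends, repo_key)
        return ok, why


def demo(exact=True):
    """Constructed scenario; returns the verdict of each attempted operation."""
    op = "=" if exact else ">="
    lib = Package("libosso", "1.0")                           # pre-installed from flash
    meta = Package(META, "2007.1", {"libosso": (op, "1.0")})  # OS meta package
    am = Manager({lib.name: lib, META: meta}, trusted_keys={"NOKIA-KEY"})
    results = {}
    results["remove_meta"] = am.check_remove(META)[0]
    app = Package("coolapp", "0.3", {"libosso": (">=", "1.1")})   # needs newer OS lib
    results["app_needs_newer_lib"] = am.install(app, "GARAGE-KEY")[0]
    results["lib_from_untrusted"] = am.install(Package("libosso", "1.1"), "GARAGE-KEY")[0]
    results["lib_from_trusted"] = am.install(Package("libosso", "1.1"), "NOKIA-KEY")[0]
    results["new_system_pkg"] = am.install(Package("libextra", "0.1"), "GARAGE-KEY")[0]
    am.red_pill = True
    results["red_pill_remove_meta"] = am.check_remove(META)[0]
    return results


if __name__ == "__main__":
    print("exact pins:", demo(exact=True))
    print("minimum pins:", demo(exact=False))
```

With exact pins every route to a newer libosso is refused, even from the trusted key, because the meta package pins the version; with "this version or later" pins the trusted-source update goes through while the untrusted one is still blocked, which is the trade-off the mail's first variant describes. Installing a package that is not yet on the device is allowed from any repository in both modes.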
