[maemo-developers] What's the best attack? (Re: How to use extras-testing correctly?)`

From: gary liquid liquid at gmail.com
Date: Fri Sep 25 18:48:39 EEST 2009
the apps in maemo extras *should* be trusted because we, the community,
trust the developers who put them there.

it would take 1 bad report to have the software removed from extras.

its a worrying scenario for some people,  but this isnt the wild west and
like all trust based mechanisms, people in the community are given rights to
upload hopefully based on their standing.

There are many steps along the way to being involved in the community and i
do not see why an individual would be nefarious enough to go through all
those just to infect a few machines.

people are given rights and responsibilities and mechanisms are in place to
hopefully prevent an incident such as you are describing.

it falls on each and every one of us to maintain that trust.

gary




On Fri, Sep 25, 2009 at 3:40 PM, David Greaves <david at dgreaves.com> wrote:

> tero.kojo at nokia.com wrote:
> > ----- Original message -----
> >>
> >> I realise this is a slightly different question (hence the new subject)
> >>
> >> OK, say I have an evil twin who wants to attack ('own') a lot of Nokia
> > N900
> >> devices. How do I do this?
> >
> > I hope that was retorical. Tell your evil twin to do something usefull.
>
> Err, no it wasn't retorical; it was hypothetical though in case you were
> worried.
>
> It's more about being responsible :)
> Actually it is very late in the day to be asking... but hey, it sounds like
> a
> topic worth raising.
>
> >> Does extras-testing factor into this?
> >
> > At least so that I would prefer maemo.org extras to be clean from
> > malware. It is much easier to promote it in Nokia internally when extras
> > contains good software.
>
> I agree 100% ... all it takes is one example of malware introduced into an
> OSS
> product and we (and Nokia) could lose a lot of credibility.
>
> I wonder how much that could be worth to some people? Maybe worth a
> deliberate
> attack? Maybe someone is playing a longer game?
>
> I just hope we are not planning on taking the "cross your fingers and toes
> *REALLY HARD* and hope everyone is nice to us" approach to security ;)
>
> Discuss...
>
> David
>
> --
> "Don't worry, you'll be fine; I saw it work in a cartoon once..."
> _______________________________________________
> maemo-developers mailing list
> maemo-developers at maemo.org
> https://lists.maemo.org/mailman/listinfo/maemo-developers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.maemo.org/pipermail/maemo-developers/attachments/20090925/799636d8/attachment.htm 
More information about the maemo-developers mailing list