[maemo-developers] maemo-developers Digest, Vol 59, Issue 25
From: Graham Cobb g+770 at cobb.uk.net
Date: Fri Mar 26 16:35:22 EET 2010
On Friday 26 March 2010 11:53:43 Attila Csipa wrote:
> > All security comments are insane in my opinion. If some person really
> > wants to be evil, there is nothing in our process that would block that
> > except by accident.
>
> I would rather say that it's more of a formulation issue. It would be more
> correct to say that a *known* or *detected* security flaw is a blocker.
> Passing Extras-testing is not equivalent to a security audit - it just
> means there is no glaring security issue known at the time. I can't say I
> would be happy on thumbing up an application is discovered to, say, set a
> default root password (I'm good at far fetched examples, too ;)

Of course, there is some security benefit from the process -- some glaring security problems may be spotted. However, I agree that this is not at all a security audit.

The biggest security benefit of the Extras repository is knowing that it is backed by a team who will be able to take action (such as remove the app) if an app is discovered to be a serious security issue. That is not true for extras-devel, and may not be true for 3rd party repositories.

Graham