the apps in maemo extras *should* be trusted because we, the community, trust the developers who put them there.<br><br>it would take 1 bad report to have the software removed from extras.<br><br>its a worrying scenario for some people, but this isnt the wild west and like all trust based mechanisms, people in the community are given rights to upload hopefully based on their standing.<br>
<br>There are many steps along the way to being involved in the community and i do not see why an individual would be nefarious enough to go through all those just to infect a few machines.<br><br>people are given rights and responsibilities and mechanisms are in place to hopefully prevent an incident such as you are describing.<br>
<br>it falls on each and every one of us to maintain that trust.<br><br>gary<br><br><br><br><br><div class="gmail_quote">On Fri, Sep 25, 2009 at 3:40 PM, David Greaves <span dir="ltr"><<a href="mailto:david@dgreaves.com">david@dgreaves.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im"><a href="mailto:tero.kojo@nokia.com">tero.kojo@nokia.com</a> wrote:<br>
> ----- Original message -----<br>
>><br>
</div><div class="im">>> I realise this is a slightly different question (hence the new subject)<br>
>><br>
>> OK, say I have an evil twin who wants to attack ('own') a lot of Nokia<br>
> N900<br>
>> devices. How do I do this?<br>
><br>
> I hope that was retorical. Tell your evil twin to do something usefull.<br>
<br>
</div>Err, no it wasn't retorical; it was hypothetical though in case you were worried.<br>
<br>
It's more about being responsible :)<br>
Actually it is very late in the day to be asking... but hey, it sounds like a<br>
topic worth raising.<br>
<div class="im"><br>
>> Does extras-testing factor into this?<br>
><br>
> At least so that I would prefer <a href="http://maemo.org" target="_blank">maemo.org</a> extras to be clean from<br>
> malware. It is much easier to promote it in Nokia internally when extras<br>
> contains good software.<br>
<br>
</div>I agree 100% ... all it takes is one example of malware introduced into an OSS<br>
product and we (and Nokia) could lose a lot of credibility.<br>
<br>
I wonder how much that could be worth to some people? Maybe worth a deliberate<br>
attack? Maybe someone is playing a longer game?<br>
<br>
I just hope we are not planning on taking the "cross your fingers and toes<br>
*REALLY HARD* and hope everyone is nice to us" approach to security ;)<br>
<br>
Discuss...<br>
<font color="#888888"><br>
David<br>
</font><div class="im"><br>
--<br>
"Don't worry, you'll be fine; I saw it work in a cartoon once..."<br>
</div><div><div></div><div class="h5">_______________________________________________<br>
maemo-developers mailing list<br>
<a href="mailto:maemo-developers@maemo.org">maemo-developers@maemo.org</a><br>
<a href="https://lists.maemo.org/mailman/listinfo/maemo-developers" target="_blank">https://lists.maemo.org/mailman/listinfo/maemo-developers</a><br>
</div></div></blockquote></div><br>