<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial">All,<br>
<br>
there is a company, rpath, that is providing some if not all of what is
needed for management of the OS codebase. Here is the url to a press
release for their product:<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.rpath.com/corp/news-and-events/rpath-continues-momentum-with-addition-of-9.1m-in-fu-5.html">http://www.rpath.com/corp/news-and-events/rpath-continues-momentum-with-addition-of-9.1m-in-fu-5.html</a><br>
<br>
Maybe Nokia is using such a tool internally but if not, it appears to
be worth considering.<br>
</font>
<div class="moz-signature">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 10">
<meta name="Originator" content="Microsoft Word 10">
<link rel="File-List"
href="ASN%20End%20of%20Message%20Signature%2004%2022%2006_files/filelist.xml">
<title>Best Regards,</title>
<o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place">
<o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="phone">
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
<o:Author>John B. Holmblad</o:Author>
<o:LastAuthor>John B. Holmblad</o:LastAuthor>
<o:Revision>5</o:Revision>
<o:TotalTime>8</o:TotalTime>
<o:Created>2006-04-22T20:38:00Z</o:Created>
<o:LastSaved>2006-10-20T20:57:00Z</o:LastSaved>
<o:Pages>1</o:Pages>
<o:Words>52</o:Words>
<o:Characters>302</o:Characters>
<o:Company>Televerage International</o:Company>
<o:Lines>2</o:Lines>
<o:Paragraphs>1</o:Paragraphs>
<o:CharactersWithSpaces>353</o:CharactersWithSpaces>
<o:Version>10.6817</o:Version>
</o:DocumentProperties>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[
if !mso]><object
classid="clsid:38481807-CA0E-42D2-BF39-B33AF135CC4D" id=ieooui></object>
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;
        mso-font-alt:"\FF2D\FF33 \660E\671D";
        mso-font-charset:128;
        mso-generic-font-family:modern;
        mso-font-pitch:fixed;
        mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
@font-face
        {font-family:Papyrus;
        panose-1:3 7 5 2 6 5 2 3 2 5;
        mso-font-charset:0;
        mso-generic-font-family:script;
        mso-font-pitch:variable;
        mso-font-signature:3 0 0 0 1 0;}
@font-face
        {font-family:"\@MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;
        mso-font-charset:128;
        mso-generic-font-family:modern;
        mso-font-pitch:fixed;
        mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0in;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"MS Mincho";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;
        text-underline:single;}
span.grame
        {mso-style-name:grame;}
span.GramE
        {mso-style-name:"";
        mso-gram-e:yes;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;
        mso-header-margin:.5in;
        mso-footer-margin:.5in;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
        {mso-style-name:"Table Normal";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0in 5.4pt 0in 5.4pt;
        mso-para-margin:0in;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="7170"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout></xml><![endif]-->
</o:SmartTagType></o:SmartTagType></o:SmartTagType>
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;"><br>
</span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;">Best
Regards,</span><span style=""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 6pt; font-family: Papyrus; color: navy;"> </span><span
style="font-size: 6pt;"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;">John
Holmblad</span><span style=""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 6pt; font-family: Papyrus; color: navy;"><o:p> </o:p></span></p>
<br>
</div>
</div>
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:linwoes@gmail.com">linwoes@gmail.com</a> wrote:
<blockquote cite="mid200702150901.00689.linwoes@gmail.com" type="cite">
<blockquote type="cite">
<pre wrap="">As for the concrete plan:
There is going to be a 'meta' package that represents the whole
operating system. Updates to the OS are done by updating this meta
package in the Application Manager. The meta package will have
dependencies on all packages with their exact versions that make up
the official OS releases. The Application Manager will not allow the
removal of the meta package.
</pre>
</blockquote>
<pre wrap=""><!---->I have found through experience this is a very powerful way to use standard
distribution tools and still hold control. I've implimented a mechanism like
this and it works well. We made it such that (and from the sounds of it this
will be the same) a developer could remove the meta lock package and wreak
havoc on the system. This was a good thing. Hardcore devels could do bad
things, but they will always do bad things. This gave them the last hurdle to
say, you are now out of control. It also means that support can easily tell
when a user has willfully removed the meta lock and thus absolve themselevs
of some level of support.
</pre>
<blockquote type="cite">
<pre wrap="">This means that the Application Manager will not allow you to update
individual OS packages (or to install third party applications that
require this), since you would have to remove the meta package for
that. It is still possible to install additional 'system' packages,
just not to upgrade already installed ones.
A second new feature is that the Application Manager will distinguish
between "trusted sources" and "non-trusted sources" (based on the key
used to sign the corresponding repository). A package that has
originally been installed from a trusted source will only be allowed
to be updated (or replaced) from a trusted source. The flash image is
also treated as a trusted source, so you will only be able to update
packages that are pre-installed in the device from trusted sources.
This makes it easier for the user to be sure that he doesn't pick up
unwanted system software updates by accident.
The set of trusted sources will be under control of a power-user: you
can just add some GPG keys to the right place, but there is no UI to
do it. You can also switch the whole lock-down machinery off by going
to red-pill mode.
So whaddaya think? Useful? Too painful? Too difficult to escape
from?
</pre>
</blockquote>
<pre wrap=""><!---->Presonally I think the one or two one-time extra steps will not be a burdne
for hackers and yet provide some safety to users. Overall I think it solves
much of the 'rouge' package concerns.
As you said it does not solve all the problems. But no single solution will
solve everything, but this is a strong first step.
Thanks
Brian
_______________________________________________
maemo-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:maemo-users@maemo.org">maemo-users@maemo.org</a>
<a class="moz-txt-link-freetext" href="https://maemo.org/mailman/listinfo/maemo-users">https://maemo.org/mailman/listinfo/maemo-users</a>
</pre>
</blockquote>
</body>
</html>