On Tuesday 15 October 2013 10:06:36 Sergio Schvezov wrote: > On Tue, Oct 15, 2013 at 9:16 AM, Michael Zanetti < > > michael.zane...@canonical.com> wrote: > > Hi, > > > > On Monday 14 October 2013 18:09:14 David Planella wrote: > > > In addition to all what Dave is saying, if you want to know more about > > > > this > > > > > app, including links to the source code: > > > > > > http://notyetthere.org/?p=351 > > > > Actually I share Jeremy's concerns. And I think neither of Daniel's and > > David's or Dave's comments are really addressing this issue: > > > > * Dave: yes, the app passed the security checks. But given that the > > security > > checks only deal with the binary blob it is debatable how useful those > > checks > > are. IMHO they aren't useful at all in regard to security. I could sneak > > in > > code that starts sending all your logins to myself and no one would notice > > it, > > I bet. > > > > * David: There are no relations to the source code and the uploaded binary > > package. In this case all I can do is to give you my word that I won't do > > any > > bad things. But in theory I could publish some source code and build the > > binary out of some different code. You wouldn't notice for sure. Btw. > > because > > of the missing trusted relationship between the uploaded binary and source > > packages I didn't bother to upload the source package to the store. > > > > * Daniel: Yes, it is confined in AppArmor but note that it has the > > networking > > capability (mainly because it's enabled by default and I forgot to remove > > it - > > will be gone in the next update). So even though this app might not be > > able to > > steal your address book, I could still send out your Ubuntu SSO > > credentials > > over the network once you set it up. > > > > > > Jeremey, one thing you can do, is to install the app called "Permy". It > > shows > > you who made the app and which AppArmor permissions it has. Unfortunately > > that's all we can do so far. There is no way to be sure what's in the > > app's > > binary right now. > > I am guessing that this is the biggest reason why apps were supposed to be > qml only at the beginning. Or the thought that all of them should be qml > only would avoid this issue. We are on a different path these days from the > looks of it.
Oh well, I could have told you earlier that QML only won't work out :) Actually a lot of badness came in with that guideline (e.g. Music app will probably need to be rewritten to some large extend at some point), but that's a whole different discussion. > > > That said, unfortunately this is how all the other mobile app stores work > > too, > > and basically how 95% of all software on Windows and Mac is distributed. I > > don't want to use that as an excuse but thing is, this is what the market > > demands right now. App Developers don't want to publish their code and the > > vast majority of users doesn't seem to care about anything security at all > > anyways. It's a sad situation for people like us who actually DO care > > about > > security. > > > > However, I haven't given up hope that at some point someone will set up > > some > > App Repository for Ubuntu Touch which requires developers to upload a > > source > > package, the binary will be built on the trusted server and the exact same > > source archive published along with the binary. But when this happens, I'm > > sure it will only hold the geeky FOSS apps. For me personally that would > > be > > enough as I tend to write all the apps I use myself anyways :P Would be > > awesome to have a way to publish them in a trusted way to my "customers". > > Today all the com.ubuntu.[appnames] are built on jenkins, you can freely > check the code. I don't think it would be too hard to circle around the > upload new source -> get new click. I do want to avoid rebuilding debian > package builds though. If we could enable such a thing for 3rd party app developers it'd be great. Basically I would like to upload a signed source tgz containing some sort of recipe and that one gets either automatically published or I get an email if the build failed. That would make me feel way more comfortable installing other peoples apps. Cheers, Michael -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : ubuntu-phone@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
