On 11/17/2014 12:44 PM, Rodney Dawes wrote:
> On Mon, 2014-11-17 at 08:40 -0600, Jamie Strandboge wrote:
>> The review tools are correctly setting this for manual review because adding a
>> provider/qml-plugin to online extends online accounts in a manner that cannot be
>> automatically reviewed and because this code runs in a different security
>> context than the click app.
>>
>> Are you sure you want to add a new provider and qml-plugin for other apps on the
>> system to use? If so, that's ok, but this will require a manual review for each
>> upload. (An alternative would be to work with the online accounts team to try to
>> make your provider and plugin official).
>
> I personally don't mind if they need review, due to additional security
> concerns. I don't think we should try to make every provider an
> "official" provider though in the upstream account-plugins package. It
> would be better to keep that set of providers as small as reasonably
> possible, I think.
>
> However, I think even the "official" providers for Online Accounts
> should eventually become click packages for each provider. If an
> upstream (Google, AOL, Yahoo, whomever) decides to change what URL the
> OAuth should be grabbed from, or similar, a click package would let us
> have the update out in a matter of minutes. With the providers being
> part of the system image, though, it means we'd have to do all the
> extra work that comes with building a system image and pushing it out as
> an update to users.
>
> Granted, this hasn't been a big problem for the phone image yet, but
> services breaking authentication schemes has been an issue in the past
> for Pidgin and others.
>

Sure-- and I don't care if it is deb or click. Store policy is such that 3rd
party developers can't ship these without manual review. Canonical or a trusted
partner is able to ship a click with these without manual review, and my
suggestion speaks more to that angle.

-- Jamie Strandboge http://www.ubuntu.com/
--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to     : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp