On Thu, Apr 9, 2015 at 12:56 PM, Robert Schroll <rschr...@gmail.com> wrote: > > Really? Any sane rating system will increase the computed rating when > receiving a new review above the current rating and reducing it when > receiving a new review below the current rating. Thus every sane rating > system is vulnerable to a flood of five-star, or one-star, reviews. > Methinks you are flattering yourself if you think attackers will take the > time to search for a unique vulnerability in your rating system, rather than > brute-forcing it.
I think with time and popularity, we'll get a bit of both :) > Since reviews require an Ubuntu One account, I think the best defense is > preventing and removing fraudulent accounts. Keeping this part secret makes > more sense to me. This is not the only reason it's private, it's a small part of the store. Overall we don't want fragmentation with competing stores, and the store itself interacts with payments and other sensitive items. This is just an extension of the existing desktop store backend, which has been proprietary since its inception as well. In this case, the overall benefits of keeping it closed outweigh the benefits (and cost) of having it open source. I would agree it is an uncomfortable line to walk, and this could change in the future if the balance changed. It isn't on the cards for now. -- Martin -- Mailing list: https://launchpad.net/~ubuntu-phone Post to : ubuntu-phone@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
