On 09/17/2015 05:53 AM, Alberto Mardegan wrote: > On 09/16/2015 07:32 PM, Jamie Strandboge wrote: >> Note that this landing was uncoordinated with the security team (I >> just now heard about it). There is no security policy for 15.10 on >> the device at the moment so targeting a 15.10 framework in an app >> won't work on a 15.04 device. > > I tried to modify the reminders-app to use the new account APIs in > 15.10-dev1, but the application won't start. > I suspect that this has something to do with this: > ======== > phablet@ubuntu-phablet:~$ sudo aa-clickhook > ERROR: Could not find framework for > 'com.ubuntu.reminders_pushHelper_0.5.496.json'. Skipping > ERROR: Could not find framework for > 'com.ubuntu.reminders_reminders_0.5.496.json'. Skipping > ======== > > Are these errors caused by the missing security policy, as you wrote > above? > Yes and there needs to be a click-apparmor change. This will unfortunately trigger the time consuming rebuild of policy on the devices. I'm not sure about the store interactions (ie, will an app using the 15.10 framework install on a 15.04 device with the 15.10 framework?), though I have a feeling it will work fine. It is possible the sdk will have to be updated to handle the differently versioned security policy (it will be 15.10, not 1.4).
I think we need to improve our processes for updating frameworks-- we don't do it often, but when we do they are too often uncoordinated across teams. > Anyway, how to proceed? I'm not very fond of backporting the changes > to the 15.04 framework, because we shouldn't modify a framework after > having released it (save for bugfixes). Yet we've done this a lot already-- but mostly for bug fixes and new functionality (ie, not breaks to existing functionality). I think the way to proceed is get the new policy on the devices (but shipping newer security policy on old userspace breaks some agreed to assumptions that the security policy consider. Have I mentioned it would have been nice to coordinate this ahead of time? :) I've filed a bug[1] to track this work, but it won't be able to land until next week at the earliest. > What if an application starts > using the new Online Accounts APIs in 15.04, and a user installs it in > one device which has the 15.04 framework, but not updated to the > latest OTAs? If one has the original 15.04 framework, applications > using the new Online Accounts API would not work there. This is a sore point in backporting functionality to the devices-- phased updates and people not updating mean that developers have a weird choice on when to pull the trigger on new functionality in their app. This happened with 'keep-display-on' and I feel like at least one other feature. With online accounts, it might make sense to wait on advertising the feature until all the bits are fully phased. [1]https://launchpad.net/bugs/1496880 -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- Mailing list: https://launchpad.net/~ubuntu-phone Post to : ubuntu-phone@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
