Re: Fedora based MeeGo = NoGo!
 

Man, you'd think otherwise dealing with some of the fanatics at times :)

Re: Fedora based MeeGo = NoGo!
 

A fanatic is a fanatic regardless what colors he's flying on the flagpole :) FOSS does tend to get a bit more emotional as the concentration of people in there for personal reasons is much higher than in other ecosystems. Also, well organized companies have the luxury of having dedicated staff with actual people skills talking to other people, while in the FOSS pool the sometimes missing 'right' combination of people and tech skills required for a successful project/collaboration makes things a bit difficult at times. And of course all this is completely OT, but so is the whole thread after the first couple of pages :)

Re: Fedora based MeeGo = NoGo!
 

That being said I also like to point out the different meaning of "free" between community backed distro and commercially backed distro.

Of course, you are always free to join whichever fits you the best. That was probably the purpose of that thread in the first place.

Nonetheless I enjoyed this discussion on Debian vs Fedora security. Never knew their was people who felt Debian was not secure (rightly or wrongly).

Re: Fedora based MeeGo = NoGo!
 

The FOSS movement could not survive without a strong sense of community and dedication from its members. You are hence bound to some degree of fanaticism. Frankly without some of its most engaged members (fanatics if you prefer) there would be no FOSS at all. I am not saying we should all become like a certain Richard Stallman but the man has my respect.

You have to swim against the current sometimes eh ? (wink and kudos at you).

Re: Fedora based MeeGo = NoGo!
 

I've tried to use words should/would/could instead of imperative ones.

But this weak security policy affects also me, because I am using N900. So it is not only Debian's problem. It is also my problem.
So I think I am entitled to say "the problem should be fixed".

http://manpages.ubuntu.com/manpages/...ebsigs.1p.html
However debsigs and debsig-verify currently are not ported to Maemo5.
Also, seems like debsigs is not even very common and disabled on most of the DEB-based systems:
from http://purplefloyd.wordpress.com/200...-deb-packages/

I appreciate all those extra, -devel, -testing deb packages people have provided, but I am concerned about developers installing themselves also deb-packages without authenticity check.
http://www.google.com/search?q=site%...dpkg+-i%22+deb
https://garage.maemo.org/plugins/wik...id=1382&type=g

Thompson's Trojan Compiler type of crack needs to get inside developers community only once, and it will be hard to detect and remove. There already may be such Trojan horses, but we certainly would not want even more.

Right now, we are in Maemo5 practically as easily crackable as iPhone users are:
http://blogs.zdnet.com/security/?p=5836

Re: Fedora based MeeGo = NoGo!
 

25 pages... nope not at this time of the day...

maybe it was said on one of the other 24 pages that i haven't read. whatever...

i think that it will be difficult to switch to another system but it isn't wrong.
maybe it is because i have a N900 and so it shouldn't be a big problem for me. it would be something different if i had an older model, then i would see that developers move to the new system and i will be stuck with all the old software and bugs.
back to my situation... i'm in the situation that i have a mobile with a lack of proper software. the developers might be already focussed at the new system (maybe not). but there is something different with the new OS. it will be supported by a lot of different devices and not only limited to Nokia phones. I guess that the N900 (and later) users will benefit from the nettop users who develop apps for there devices and the possibility to use these apps on my device.
Debian might be a good system, but it wasn't designed with a focus on devices with a battery. As a result some of the ways the programmers write there programs are everything but power effective.

How ever, Nokia (and we) need more users for these operating system to get more developers and more apps!

Re: Fedora based MeeGo = NoGo?
 

I would have to heartily agree; I upgraded from RedHat to Debian almost a decade ago, after upgrading from Slackware to RedHat years before, and nothing I have seen has convinced me to switch back since. Whenever I hear about a new nifty OSS package, nine times out of ten I can type "apt-get install package-name" and get it within a matter of minutes under Debian; no dependency hell, and no worries about incompatibilities. Maemo has not disappointed in this respect, and I fear for the future of Linux on MIDs if people seriously think that RPM is a superior solution to DPKG+APT.

Granted, I haven't used an RPM based distribution in years (I haven't needed to; Debian inspired my traditional signature of "The more I use other software, the more I like Debian"), but from what I've heard and seen, there's no reason to d suspect that moving to RPM and anything but apt will be anything other than a downgrade.

Even Ubuntu, my second favorite distro to Debian, is based on Debian; all new popular and successful distributions are being built on Debian these days, and for good reason. The package management is superior; notwithstanding all the work put into RPM and yum, Debian has just been too far ahead for too long. Of course, part of that is the care and polish that a typical Debian package has, but I doubt I'll be able to just add "universe-all" or "extra-devel" lines to a yum config file and just install from there.

If there are people who think the devel tools are better on Moblin, they should have ported them to Maemo. If I have to install RedHat or anything besides .debs to develop software on my desktop for N900, forget it; that's almost as bad as having to run MacOSX in VirtualBox to develop iPhone apps, and I didn't sign up for that when I bought an N900.

Re: Fedora based MeeGo = NoGo!
 

Oh please, for the love of Zod, don't let the Wind River guys near anything you hold dear. For an operating system that costs thousands of dollars, it's really bad. I've found and fixed things like unclosed 'extern "C" {' in VxWorks header files; stuff beginners would be chided for; who knows what goes on in more important pieces of their code . . .

Re: Fedora based MeeGo = NoGo?
 

Package dependency hell problems like these?

You have used RPM-based system clearly too long time ago.
Fedora nowadays (and rpmfusion repositories) do not have dependency problems any more.
And it has better debug-packages handling and automatic bug tracking tools (ABRT) than any Debian system nowadays, and I use both Fedora and Ubuntu systems currently.

And it has come more and more important that security of the system is based on solid good security policies which are thought and practised well enough. With DEB-systems the security clearly is flawed and outdated badly. We can notice it daily on talk.maemo.org with instrcutions to download this and that manually (not even from HTTPS-servers) and then blindly installing deb-packages with dpkg -i without GPG-signatures.
For that reason only move from DEB- to RPM-system would be well justified already, also on Debian-PC-distributions.

Re: Fedora based MeeGo = NoGo?
 

That particular problem is a repository issue, caused by the disrepancy between the SDK and device firmwares. RPM would have *exactly* the same problem.

You cannot enforce security on people who don't want it. Most of the people on tmo don't care if it's RPM, DEB, signed or unsigned, they want to install. If you create obstacles, they will simply go around it (install binaries manually, etc). We've been over this, but it's about policies, not formats. If people don't accept/follow the policies (which they clearly don't), what format is being worked around is completely irrelevant.