Re: Do you want INSTALL FROM FILE back?
 

The security is only as good as the testing. Your root-formatting package would not last a day in -testing. That's the whole point; thank you for making it. :D

Re: Do you want INSTALL FROM FILE back?
 

Ah Flandry, but what about a trojan that sits until it hits extras and gets tons of downloads?

Re: Do you want INSTALL FROM FILE back?
 

I do believe there is a certain amount of snobbery involved here.

Nokia could easily charge to repair bricked devices if RPM/install from .deb was used. They just need to make it clear to the end user (via manual/on screen dialogue/ warranty info).

Locking the unit down (or at least taking away the possibility of unlocking areas via GUI) appears to me to be antithetical to the Linux philosophy.

I won't cry though. As long as they don't kill root access.

By the way. There is an even more puritanical group of users out there who want all GUI's and even xterm deleted in favour of pure binary code.

If you can't make a phone call by writing the binary code to do so every time you want to make one, then you should not be using this phone.

Re: Do you want INSTALL FROM FILE back?
 

You are wrong.

All I need to do is write an actual application, jump through all the loops to get it to extras, and make sure it includes a code that does if(date==03/03/10)delete_all_files. If this code is somewhat obscure (or the application is not free), there is no chance that someone will discover it before it actually does it.

But this is irrelevant anyway. HAM allows repositories with no testing at all, so why not allow local packages?

Re: Do you want INSTALL FROM FILE back?
 

As i said, security is only as good as the testing. Living is risk-taking but, given a hard pitch to climb, i'm going to go with the belayed approach over free climbing.

I'm not opposed to improving security or the -testing process, but that's got nothing to do with this thread except that an attempt was made to suggest that repos are less secure than installing arbitrary .debs, which is clearly false.

Re: Do you want INSTALL FROM FILE back?
 

Where in this thread was such an attempt made?

Re: Do you want INSTALL FROM FILE back?
 

They didn't lock anything down or take anything away. Installing from a file can always be done as pointed out in this thread.
Those who consider this action by Nokia "locking" may precisely be the reason "Red Pill" is no longer available.

The damage though may already be done. When PR 1.1 is released important or relevant information on these forums will be missed or obscured by the many "The update doesn't work" threads or threads that jump to incorrect conclusions.

This was posted by Kontorri yesterday on his blog:

>> http://konttoristhoughts.blogspot.com/

I'm wondering how many "Red Pill" users have less than 45 megs of free space on the rootfs because they have installed non "optified" applications from where ever they find them?

Re: Do you want INSTALL FROM FILE back?
 

Sorry for the misstatement; the actual quote i was replying to was "The decision to only allow packages from repositories does nothing for security." and i was disputing that. Any sufficiently determined and able hacker can find a way to do malicious things, but it's still more secure to have some testing than none.

My stance on the original topic is that we need to work to make it unnecessary for anyone not comfortable with the shell to have any reason to install individual .debs. I concede we are not there yet, but the way forward is not to facilitate that and thus remove incentive to fix the real problem, but to fix the real problem. That problem can be broken down into "repo issues" and "HAM/package type UI granularity issues". Let's focus on those and not beat the dead horse that died for good reason.

There will always be a need to install debs for devs, and they will always have dpkg.

Re: Do you want INSTALL FROM FILE back?
 

But HAM allows installation of packages from repositories with no testing at all, so saying that removal of red pill mode is done for security reasons is a red herring.

I wish I could be so optimistic.

Re: Do you want INSTALL FROM FILE back?
 

I don't think it was done for security reasons; i think it was done because it makes it possible to do with a user-friendly GUI operations that have a good chance of breaking their OS.

You have far more faith in developers than i do. I wouldn't be here porting apps and posting in TMO if maemo wasn't GNUish linux-on-a-phone.

Look at the direction things are going here. It's not towards more restrictive, it's towards better general user appeal and safety of UI and more openness of software. It's evolving to more distinctly separate everyday user experience from hacker experience without any signs of cutting off either of them.