Active Topics

 


Page 9 of 9 « First 78 9
Reply
Thread Tools
benny1967's Avatar
benny1967 is offline benny1967
2018-03-04 , 09:02
Posts: 3,790 | Thanked: 5,718 times | Joined on Mar 2006 @ Vienna, Austria
#81
Originally Posted by LouisDK View Post
So with shared source codes with selected 3rd party you'll enable them to explore new backdoors and make custom compiled version with added backdoors.

Also since the parts in question is closed source the public won't be able so spot differences in custom vs. vanilla Sailfish parts or search for backdoors themselves.

How can this be labelled as secure?
It's secure from their partners' point of view. Just as it's 'full open source' only from their partners' point of view.
 

The Following 8 Users Say Thank You to benny1967 For This Useful Post:
pichlo's Avatar
pichlo is offline pichlo
2018-03-04 , 09:10
Posts: 6,447 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#82
Originally Posted by benny1967 View Post
It's secure from their partners' point of view. Just as it's 'full open source' only from their partners' point of view.
Which is fair enough. He who pays the piper calls the tune.

Which brings me back to the point I've been trying to get across for years. Jolla is NOT the open-source messiah some would like to see it as. It is just another company trying to make a living.
__________________
Русский военный корабль, иди нахуй!
 

The Following 8 Users Say Thank You to pichlo For This Useful Post:
Pim is offline Pim
2018-03-04 , 10:12
Posts: 70 | Thanked: 357 times | Joined on Jun 2012 @ Europe
#83
Actually, isn't it the case large-enough governments can get full source code access to most operating systems, even Windows, under appropriate non-disclosures and other conditions etc?
 

The Following 4 Users Say Thank You to Pim For This Useful Post:
kinggo's Avatar
kinggo is offline kinggo
2018-03-04 , 10:21
Posts: 943 | Thanked: 3,228 times | Joined on Jun 2010 @ Zagreb
#84
And what would change if they are?
Would that atract new OEMs to make HW with sailfih? No.
Would that made carriers to support it? No.
Would that made 183643 new developers? No. And particulary BIG NO since from inception for some misterious reasons Jolla does not support paid apps and does not won't people to make money on their work. Meanwhile, I just paid 80€ to sygic a few days ago so that I can have mirrorlink function within their nav app.
Would that made various different 3rd party apps that we need or use on a daily basis or here and there, but still use, on other platforms suddenly appear on sailfish? No.

Signal is apparently way better option than Telegram because it's fully open........But AFAIK they don't allow access to 3rd party apps. So how is that better than any closed source app?

There's 66538 different problems with Jolla and sailfish but a few closed source components are not one of those.
 

The Following 8 Users Say Thank You to kinggo For This Useful Post:
LouisDK is offline LouisDK
2018-03-04 , 20:01
Posts: 252 | Thanked: 597 times | Joined on Oct 2011 @ Denmark
#85
Originally Posted by richie View Post
It work like this according to this old image https://pbs.twimg.com/media/Cylz-a0WQAAzJ6i.jpg

So Jolla will oversee any code going back in to SailfishOS to maintain independent offering. Leaking code is probably prohibited by commercial contracts.
This doesn't mean that any 3rd party with source code access could omit telling Jolla about found security bugs and use these as backdoors.

Also an NDA doesn't guarantee that source code won't get leaked even trough it's prohibited. Just look at the recent leak of iBoot code.

As I've understood from your picture Jolla doesn't have access to Sailfish RUS specific source code meaning backdoors could be inserted without Jollas knowledge. Only into the RUS specific version though.
 

The Following 3 Users Say Thank You to LouisDK For This Useful Post:
tortoisedoc is offline tortoisedoc
2018-03-04 , 20:40
Posts: 592 | Thanked: 1,167 times | Joined on Jul 2012
#86
Originally Posted by LouisDK View Post
This doesn't mean that any 3rd party with source code access could omit telling Jolla about found security bugs and use these as backdoors.

Also an NDA doesn't guarantee that source code won't get leaked even trough it's prohibited. Just look at the recent leak of iBoot code.

As I've understood from your picture Jolla doesn't have access to Sailfish RUS specific source code meaning backdoors could be inserted without Jollas knowledge. Only into the RUS specific version though.
That'd be a GPL violation right there. Which translates into a higher risk for the players (for example the RUS specific version).

Bottomline : get caught with your pants down, and it's trouble

EDIT : this for the OPEN components. It might actually be that Jolla will be forced to open up the (remaining) closed ones for security validation.
__________________
BWizz - best N9 bookmark editing tool! Check it out ->BWizz for Harmattan

LINKer - transform your N9's home view in a Desktop, give it the freedom it deserves! -> LINKer for Harmattan

QuickBar - Can't find the app you used yesterday in your overcrowded Home Screen? Want access to the QuickLaunch bar even in the home screen? QuickBar for Harmattan

If you like our work, and would like to support via PayPal : users.giulietta@gmail.com
Last edited by tortoisedoc; 2018-03-04 at 21:01.
 

The Following 4 Users Say Thank You to tortoisedoc For This Useful Post:
m4r0v3r is offline m4r0v3r
2018-03-04 , 21:45
Posts: 1,746 | Thanked: 1,832 times | Joined on Dec 2010
#87
the best way to ensure something is what it says it is. is you take a code and build it, and it should behave the same way the code says.

so if a russian code base changes something, you should be able to simply install a "vanilla" sfos and see whats what.
 

The Following 3 Users Say Thank You to m4r0v3r For This Useful Post:
Reply
Page 9 of 9 « First 78 9

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 13:18.

Contact Us - Home - Archive - Top