FWIW I am using CSSU and my AGPS hasn't worked in over a month (tried both nokia and google SUPL servers, and rebooted after changing). I have to stand outside and wait several minutes to get a GPS lock anywhere.

I decided to reflash my N900 today, and what a surprise - new update. I updated it without reading this thread first and now have a question.
-Non-CSSU users, you can update. If you ever want to install the CSSU, the installer will work fine on PR1.3.1.
-The CSSU already includes the core fixes, the UI is what needs to be updated, you should not try to install this if you want the CSSU, we'll provide the UI update as soon as it's out. by MAG.
So, can I install CSSU now or not? I'm a little confused here.
Thanks.

read my lips:

yes you can install the CSSU.

I get almost instant GPS-lock with supl.google.com, but the Nokia SUPL has been abysmal since at least July for me.

Another "me too" here -- I was playing with Google Latitude on Monday, no problems with GPS. Did the security update on Tuesday evening. Today, AGPS doesn't seem to work; have to wait for the non-assisted GPS to lock on. (Once that happens, of course, everything is fine again.)

I'm not using CSSU, haven't touched my kernel, still using Nokia's supl. I suppose I should try out the Google supl; it does seem more like this would be a problem with the internet connection than with the security update.


Update: Ok, I just tried out the Google supl (after waiting long enough for the previous satellite list to go stale), and yes, the AGPS now gives me a near-instant GPS lock on. So, I guess the Nokia supl is the problem here...

when can we expect the CSSU UI update dear MAG......rite now apt-get method shows this update, after CSSU update this will stay there or not? thanks.

My update was successful but I'm not happy with just security fix.

I have not seen any such lockscreen update.
When I updated to PR1.3.1, it only updated libmaemosec-certman-applet0, libmaemosec-certman0, libmaemosec0, maemosec-certman-applet, maemosec-certman-common-ca, maemosec-certman-tools and mp-fremantle-generic-pr and nothing else.

I am using supl.google.com for AGPS and it can take up to a minute to get a proper GPS lock on the location I am actually at. (although some of the delay can be explained by the fact that I run at 2G to preserve the battery life)

Examining the changes, it seems to have updated the
maemo-security-certman package (which builds libmaemosec0, libmaemosec-certman0, maemosec-certman-tools and maemosec-certman-common-ca packages). The previous version was 0.1.6. The new version is 0.2.0 and the changes seem to be:
maemo-security-certman (0.1.7) unstable; urgency=low

* Added '-e' command line switch to cmcli to echo the
key id of installed certificates.
Fixes: NB#154963

maemo-security-certman (0.1.8) unstable; urgency=low

* Backported fix of NB#172389 from Harmattan: cryptoki_module causes
a crash if not all certificates can be fetched from the store.
This can be caused by a broken store or similar causes.
Fixes: MB#10423
* Updated the root certificate set.

maemo-security-certman (0.1.9) unstable; urgency=low

Updated the root certificate set. Removed the compromised
DigiNotar CA and a bunch of expired roots and added the new
roots. Common-ca now matches NSS 3.13 changeset 76201:04a58ba1ce1e
of Aug 31, 2011 from http://hg.mozilla.org/mozilla-central/.
Also backported from Harmattan the handling of several certificates
with the same public key, which is needed for Verisign roots
00d85a4c25c... and f3a27298eeb...

maemo-security-certman (0.2.0) unstable; urgency=low

Added explicit blacklisting of compromised or rogue
certificates following the Mozilla model. A new shared
cert domain "blacklist" now contains all blocker certs from
Mozilla's built-in certdata.txt as in changeset 76451:cf1ba8f0dbf7
Sep 02. See Mozilla bug 683261 for further information.
The downside is that the blacklisted certificates appear
in the settings applet as if they were valid since it shows the
contents of all domains regardless of their type the same way.
This must be fixed in the maemo-security-certificates-applet.

maemo-security-certman is LGPL and the source code for versions up to 0.2.0 (including any new dev packages) is at http://gitorious.org/maemo-5-certifi...curity-certman including all the root CAs and keys

There was also an update to maemo-security-certman-applet (which builds maemosec-certman-applet and libmaemosec-certman-applet0) from version 0.1.2 to version 0.1.4. Changes seem to be:
maemo-security-certman-applet (0.1.3) unstable; urgency=low

* Handle properly certificate names with markup characters in them
Fixes: NB#122916

maemo-security-certman-applet (0.1.4) unstable; urgency=low

Release 0.1.4
Mark blacklisted certificates invalid. Also replaced the faulty
debian/copyright file with proper license info.

This package is unfortunatly "nokia proprietary" licensed. There is a git page here http://maemo.gitorious.org/maemo-af/...certman-applet that just says something about "maemo-security-certman-applet" being gone.

As for the CSSU, they can already pull the 0.2.0 maemo-security-certman into their own maemo-security-certman tree (if they havent already done so), its just the update to maemo-security-certman-applet they are waiting for Nokia on. I suspect that maemo-security-certman-applet will remain closed source but with permission given to the CSSU to distribute the maemosec-certman-applet_0.1.4+0m5_armel.deb and libmaemosec-certman-applet0_0.1.4+0m5_armel.deb packages.

The good thing is that with maemo-security-certman being LGPL and open source, updating it with new root certificate sets in the future is definatly possible.

sorry....big mistake!!
it was the mango theme lockscreen! so sorry......