Active Topics

 



Notices


Reply
Thread Tools
Posts: 1,224 | Thanked: 1,763 times | Joined on Jul 2007
#11
Originally Posted by zehjotkah View Post
No, because apps in extras have been tested before. They have to go through a quality testing process.
And such programs never would be approved.
But to devel everyone can upload, without testing.
There are many bugs which will not be found by the extras "QA" process, or by Nokia's QA process for OVI. Certainly, intentional bad behaviour can easily slip through. Promising security for extras is akin to selling snake oil.

For example. The program can start sending lots of SMS only two weeks after installation.
__________________
My repository

"N900 community support for the MeeGo-Harmattan" Is the new "Mer is Fremantle for N810".

No more Nokia devices for me.
 
zehjotkah's Avatar
Posts: 2,361 | Thanked: 3,746 times | Joined on Dec 2007 @ Berlin - Love this city!!
#12
Originally Posted by Matan View Post
There are many bugs which will not be found by the extras "QA" process, or by Nokia's QA process for OVI. Certainly, intentional bad behaviour can easily slip through. Promising security for extras is akin to selling snake oil.

For example. The program can start sending lots of SMS only two weeks after installation.
Okay, that would be possible. But in my opinion unlikely.
 
Posts: 151 | Thanked: 72 times | Joined on Sep 2009
#13
I personally am an end user and have taken to the warning of not installing any devel or extras applications, I'll patiently wait for SNES, PSX, N64, Genesis Emulators when they are ready to be downloaded from here. I have been tempted but I trust the community to test everything out first before it comes to a user such as myself who wouldn't be familiar with root commands etc...

Thanks Community again! Keep up the good work.
 
Posts: 1,224 | Thanked: 1,763 times | Joined on Jul 2007
#14
Originally Posted by nax3000 View Post
Hey could you tell my what does the dist-update command does?
There is no such command dist-update.

The update command updates the packages lists from repository.

The upgrade command upgrades packages currently installed on the system, but does not install new packages.

The dist-upgrade command is like upgrade, but allows new packages. Example:

If you have version 1.0 of package a which depends on package b, then obviously you have package b already installed. If the repository has version 2.0 of package a, which depends on packages b and c (which you don't have installed), then apt-get upgrade will not upgrade package a, since it requires installing package c. apt-get dist-upgrade, on the other hand, will install c and upgrade a.
__________________
My repository

"N900 community support for the MeeGo-Harmattan" Is the new "Mer is Fremantle for N810".

No more Nokia devices for me.
 
Texrat's Avatar
Posts: 11,700 | Thanked: 10,045 times | Joined on Jun 2006 @ North Texas, USA
#15
Originally Posted by Matan View Post
There are many bugs which will not be found by the extras "QA" process, or by Nokia's QA process for OVI. Certainly, intentional bad behaviour can easily slip through. Promising security for extras is akin to selling snake oil.
The problem is that Maemo is now drawing in large numbers of average users who, for whatever reason, can or will not handle well the sort of disasters that immature packages can inflict. And yes, while some have few if any issues with -devel apps, others have not been so fortunate.

So the safest thing for the rank and file to do is be forewarned and proceed with caution. There's certainly no harm in more advanced users mining -devel gold ore and helping shine it up... nor is there any harm at all in cautioning the general public.
__________________
Nokia Developer Champion
Different <> Wrong | Listen - Judgment = Progress | People + Trust = Success
My personal site: http://texrat.net
 

The Following 3 Users Say Thank You to Texrat For This Useful Post:
volt's Avatar
Posts: 1,309 | Thanked: 1,187 times | Joined on Nov 2008
#16
Originally Posted by Diavoli View Post
I personally am an end user and have taken to the warning of not installing any devel or extras applications
(...)
Extras? Maybe you mean extras-testing, I would not hesitate to use extras.

Originally Posted by Diavoli View Post
I'll patiently wait for SNES, PSX, N64, Genesis Emulators when they are ready to be downloaded from here.
May not ever happen. Just saying.
 
Posts: 1,224 | Thanked: 1,763 times | Joined on Jul 2007
#17
Originally Posted by zehjotkah View Post
Okay, that would be possible. But in my opinion unlikely.
This opinion is stupid. If this is done intentionally, maybe with monetary gain for the perpetrator in mind, then obviously gaining the wider audience by having the package in extras is a desired goal. And since the extras process has no chance of stopping this program, if there will be such a program in extras-devel, it will also be in extras.
__________________
My repository

"N900 community support for the MeeGo-Harmattan" Is the new "Mer is Fremantle for N810".

No more Nokia devices for me.
 
zehjotkah's Avatar
Posts: 2,361 | Thanked: 3,746 times | Joined on Dec 2007 @ Berlin - Love this city!!
#18
Originally Posted by Matan View Post
This opinion is stupid. If this is done intentionally, maybe with monetary gain for the perpetrator in mind, then obviously gaining the wider audience by having the package in extras is a desired goal. And since the extras process has no chance of stopping this program, if there will be such a program in extras-devel, it will also be in extras.
I said unlikely, because it's working for linux repositorys, too.
So why should there be someone intentionally code malware for maemo, a platform which is relatively small?
Then you could argument the same for the appstore. Apple is only checking if the program doesn't violate rules for their software.
Or the Android market. Same thing.
 
volt's Avatar
Posts: 1,309 | Thanked: 1,187 times | Joined on Nov 2008
#19
It would have to get sent through to extras-testing first, and then again to extras. Not saying that it's impossible, but quite a bit of programs seem to stay in devel and never get any further. To get through they'd either have to have an attractive horse around their soldiers, or manipulate the system on a bigger scale. Which ought to draw attention.
 
volt's Avatar
Posts: 1,309 | Thanked: 1,187 times | Joined on Nov 2008
#20
Originally Posted by zehjotkah View Post
So why should there be someone intentionally code malware for maemo, a platform which is relatively small?
I can think of two reasons. While overall small, Maemo is one of the biggest linux platforms where an application has access to SMS and similar functionality. And while large at that, it probably has one of the smallest bases of paranoid users that will spend time on checking other people's code for hidden functionality.
 

The Following 2 Users Say Thank You to volt For This Useful Post:
Reply

Tags
dangerous, devel, testing


 
Forum Jump


All times are GMT. The time now is 07:07.