The Following 16 Users Say Thank You to jonwil For This Useful Post: | ||
|
2015-10-28
, 07:13
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#2
|
The Following 9 Users Say Thank You to jonwil For This Useful Post: | ||
|
2015-10-28
, 08:11
|
Posts: 2,290 |
Thanked: 4,134 times |
Joined on Apr 2010
@ UK
|
#3
|
The Following 6 Users Say Thank You to sixwheeledbeast For This Useful Post: | ||
|
2015-10-28
, 08:42
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#4
|
|
2015-10-28
, 09:14
|
Posts: 1,203 |
Thanked: 3,027 times |
Joined on Dec 2010
|
#5
|
|
2015-10-28
, 10:03
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#6
|
The Following 4 Users Say Thank You to jonwil For This Useful Post: | ||
|
2015-10-28
, 11:28
|
Posts: 1,203 |
Thanked: 3,027 times |
Joined on Dec 2010
|
#7
|
The Following 3 Users Say Thank You to Android_808 For This Useful Post: | ||
|
2015-10-28
, 11:57
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#8
|
The Following 2 Users Say Thank You to jonwil For This Useful Post: | ||
|
2015-10-28
, 20:42
|
Posts: 1,203 |
Thanked: 3,027 times |
Joined on Dec 2010
|
#10
|
The Following 5 Users Say Thank You to Android_808 For This Useful Post: | ||
1.We should look at the installed-by-default packages and where there are updates or patches out there that improve security (but which can be used on maemo without breaking things) we should bring them into cssu git repository on github and make them available. Its already being done with newer upstream versions of openssl0.9.8, zlib, libxml2 and some others).
2.we should look to bring in either the latest openssl or libressl and use it for all those packages which use openssl and for which we have source code. (there is no reason we cant keep openssl0.9.8 and something newer around side-by-side as far as I know)
3.Same for any other packages where there is a newer more-secure non-ABI-compatible upstream version we can pull in.
4.We should look at how microb does security and figure out if we can upgrade all the security and crypto and ssl bits in order to support the latest standards (like TLS1.2) so people using a N900 to browse the web are secure. This also includes modifying things where possible to disable the same depreciated algorithms and protocols and stuff that Mozilla, Google and others have disabled so they don't get used. Updating the browser engine (e.g. trying to support the latest HTML5/web 2.0 stuff etc) isn't really possible (too many things rely on it like Flash and Maps and the browser UI) but I bet we can do some things with the security stuff to improve things (including maybe even back-porting any critical patches that we can find and that are worth back-porting)
5.We should look at the installed set of root CAs and make sure its up to date with what everyone else is shipping so we aren't vulnerable
and 6.We should consider creating a "security update" for Maemo Fremantle with the criteria for what goes into it being similar to the various "long term" security updates for Linux distros like Debian and Ubuntu. In particular, it would be more conservative than even CSSU-stable and wouldn't ship any new-feature-work (like the portrait/screen rotation stuff)
http://wiki.maemo.org/Fremantle/Repositories actually proposes exactly what I suggested for #5.
Yes these are just ideas and yes it needs people who can actually do the work (I can certainly help where my time and skills allow) but its a thought on how we can make one of the best cellphones ever produced secure enough to survive out there in today's increasingly dangerous online environment.