Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (5)
to General by teroyk - 6 days, 5 hrs ago -
Extra softwares in Sailfish using CLI, repositories, etc (118)
to SailfishOS by nieldk - 6 days, 10 hrs ago - more...
 |
thp |
2010-04-11
, 19:15
|
|
Posts: 1,391 |
Thanked: 4,272 times |
Joined on Sep 2007
@ Vienna, Austria
|
#21
|
Originally Posted by Jaffa
What's defined as "trivial attack vector", and which kind of password is to be prompted during installation? Isn't that a hassle for the user to always enter a password during installation (and maybe upgrade) of a daemon? (I'm specifically thinking of headphoned here, because this change would probably affect my package and cause more work with no real benefit for me or the user in the case of headphoned)
| The Following User Says Thank You to thp For This Useful Post: | ||
 |
|
2010-04-11
, 19:22
|
|
Posts: 2,535 |
Thanked: 6,681 times |
Joined on Mar 2008
@ UK
|
#22
|
Originally Posted by thp
The most obvious example of a "trivial attack vector" being if OpenSSH server didn't prompt for a new root password. The factory root password of Maemo is well known, and the daemon is started at runtime.
What's defined as "trivial attack vector", and which kind of password is to be prompted during installation? Isn't that a hassle for the user to always enter a password during installation (and maybe upgrade) of a daemon? (I'm specifically thinking of headphoned here, because this change would probably affect my package and cause more work with no real benefit for me or the user in the case of headphoned)
headphoned doesn't listen on any remote port and only communicates with Bluetooth (AIUI, although it doesn't pause when my BT headphones disconnect, so maybe I misread that).
Perhaps it'd be better defined as "trivial remote attack vector"?
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
| The Following User Says Thank You to Jaffa For This Useful Post: | ||
 |
|
2010-04-11
, 19:43
|
|
Posts: 11,700 |
Thanked: 10,045 times |
Joined on Jun 2006
@ North Texas, USA
|
#23
|
Sounds like a plan.
__________________
Nokia Developer Champion
Different <> Wrong | Listen - Judgment = Progress | People + Trust = Success
My personal site: http://texrat.net
Nokia Developer Champion
Different <> Wrong | Listen - Judgment = Progress | People + Trust = Success
My personal site: http://texrat.net
|
|
2010-04-11
, 22:59
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#24
|
Originally Posted by Jaffa
Well put, though "main purpose" may leave some gray areas.
- An application MUST use the standard CLI icon, or the standard CLI badge over an alternative icon, if the user must use X Terminal to start the main purpose of the application.
- Packages which auto-start in a secure manner, or enable alternative functionality in other applications, SHOULD NOT use the CLI icon, as interaction with them through the CLI is not required.
- Any daemon which auto-starts MUST NOT provide a trivial attack vector, and so SHOULD (for example) prompt for a password during installation.
|
|
2010-05-31
, 12:50
|
|
Posts: 2,829 |
Thanked: 1,459 times |
Joined on Dec 2009
@ Finland
|
#25
|
Do we have May list? Probably itīs "bit" late but then June list maybe?
|
|
2010-05-31
, 13:07
|
|
Posts: 489 |
Thanked: 404 times |
Joined on Dec 2009
|
#26
|
Originally Posted by slender
It's been a very long time since the last list: I can write them, but I don't think there are enough testers for making them useful. Personally I've continued the testing and voted as many apps as I can, but the queue is getting longer every day (this is the first time I see page 5).
Do we have May list? Probably itīs "bit" late but then June list maybe?
However, if you say there are testers, I'll create a list.
|
|
2010-05-31
, 13:16
|
|
Posts: 2,829 |
Thanked: 1,459 times |
Joined on Dec 2009
@ Finland
|
#27
|
I do not know if there is more testers, but monthly "advertisement" about this is not bad IMHO 
There is more and more users but in this jungle of information here nobody knows where to begin or what is happening here and some direction sign are always useful 
There is more and more users but in this jungle of information here nobody knows where to begin or what is happening here and some direction sign are always useful
|
|
2010-05-31
, 13:23
|
|
Posts: 1,208 |
Thanked: 1,028 times |
Joined on Oct 2007
|
#28
|
Here's a list of packages in testing queue http://maemo.org/packages/repository...in_repo_page=5 . What more lists are really needed?
You can start from any part of the list and test as many applications as you wish. If application has already 10 votes or more, more testing is not necessarily needed.
You can start from any part of the list and test as many applications as you wish. If application has already 10 votes or more, more testing is not necessarily needed.
|
|
2010-05-31
, 13:27
|
|
Posts: 489 |
Thanked: 404 times |
Joined on Dec 2009
|
#29
|
Originally Posted by slender
You know what? You are definitively right. Tomorrow i'll create a new list, and I'll try to "hire" as many new testers as I can. Something like "Maemo.org Testing Squad WANTS YOU" or similar.
I do not know if there is more testers, but monthly "advertisement" about this is not bad IMHO
The new list will focus on apps that needs just a few votes in order to reach Extras, hope that will clean the queue a bit. I'll also insert a Vote Down section for removing not-ready apps.
|
|
2010-05-31
, 13:27
|
|
Posts: 2,829 |
Thanked: 1,459 times |
Joined on Dec 2009
@ Finland
|
#30
|
@mikkov
IMHO all talking (Just guess that not many users follow other areas of maemo.org) here evoke people to do testing and experiment their N900.
Now everything is probably crystal clear for people who have been here for ~4 months, but new potential users and users who have forgot this can get idea.
All in all I think that all the little projects what you have going on here need little advertisement once in awhile. Itīs not always bad.
.edit
It doesnīt always get people going (looks/feels like waste of time) but you can be sure that if you are not on view at all then itīs quite probable that no-one knows or will know about you.
Last edited by slender; 2010-05-31 at 13:31.
IMHO all talking (Just guess that not many users follow other areas of maemo.org) here evoke people to do testing and experiment their N900.
Now everything is probably crystal clear for people who have been here for ~4 months, but new potential users and users who have forgot this can get idea.
All in all I think that all the little projects what you have going on here need little advertisement once in awhile. Itīs not always bad.
.edit
It doesnīt always get people going (looks/feels like waste of time) but you can be sure that if you are not on view at all then itīs quite probable that no-one knows or will know about you.
Last edited by slender; 2010-05-31 at 13:31.
 |
| Tags |
| extras, testing apps |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 19:28.