Reply
Thread Tools
Feathers McGraw's Avatar
Posts: 654 | Thanked: 2,368 times | Joined on Jul 2014 @ UK
#131
Could it also be related to sentiment about the new owners and not having the benefit of the doubt any more?

And also the fact that purism's librem5 is the "new hope"?
 

The Following User Says Thank You to Feathers McGraw For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#132
Is it stupid of me to ask whether or not this move will produce products that are trustworthy? Too early to tell?
 

The Following 7 Users Say Thank You to For This Useful Post:
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#133
Originally Posted by gerbick View Post
Is it stupid of me to ask whether or not this move will produce products that are trustworthy?
Not sure if I would call it stupid but certainly unattractive. That question is what this thread is all about
__________________
Русский военный корабль, иди нахуй!
 

The Following 3 Users Say Thank You to pichlo For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#134
Originally Posted by pichlo View Post
Not sure if I would call it stupid but certainly unattractive. That question is what this thread is all about
And yet no definitive answer. Imagine that.
 

The Following 4 Users Say Thank You to For This Useful Post:
Posts: 285 | Thanked: 1,900 times | Joined on Feb 2010
#135
It's certainly doesn't generate much trust to have Kremlin involved in any way in anything. However, Jolla's licensing practice AFAIK gives the licensee full access to the source code of Sailfish OS. In that regard hiding some backdoor in the product would be more or less stupid idea in the first place. However, because manufacturer can add their own stuff, it boils down to question whenever do you trust either Jolla or the device manufacturer.
 

The Following 3 Users Say Thank You to JulmaHerra For This Useful Post:
Posts: 592 | Thanked: 1,167 times | Joined on Jul 2012
#136
Originally Posted by gerbick View Post
Is it stupid of me to ask whether or not this move will produce products that are trustworthy? Too early to tell?
there's no stupid questions; just stupid answers
__________________
BWizz - best N9 bookmark editing tool! Check it out ->BWizz for Harmattan

LINKer - transform your N9's home view in a Desktop, give it the freedom it deserves! -> LINKer for Harmattan

QuickBar - Can't find the app you used yesterday in your overcrowded Home Screen? Want access to the QuickLaunch bar even in the home screen? QuickBar for Harmattan

If you like our work, and would like to support via PayPal : users.giulietta@gmail.com
 

The Following 4 Users Say Thank You to tortoisedoc For This Useful Post:
Posts: 592 | Thanked: 1,167 times | Joined on Jul 2012
#137
Originally Posted by JulmaHerra View Post
It's certainly doesn't generate much trust to have Kremlin involved in any way in anything. However, Jolla's licensing practice AFAIK gives the licensee full access to the source code of Sailfish OS. In that regard hiding some backdoor in the product would be more or less stupid idea in the first place. However, because manufacturer can add their own stuff, it boils down to question whenever do you trust either Jolla or the device manufacturer.
This also explains the reason for them to rename the OS; perhaps they will use the MER middleware as a basis for something else.
__________________
BWizz - best N9 bookmark editing tool! Check it out ->BWizz for Harmattan

LINKer - transform your N9's home view in a Desktop, give it the freedom it deserves! -> LINKer for Harmattan

QuickBar - Can't find the app you used yesterday in your overcrowded Home Screen? Want access to the QuickLaunch bar even in the home screen? QuickBar for Harmattan

If you like our work, and would like to support via PayPal : users.giulietta@gmail.com
 

The Following 3 Users Say Thank You to tortoisedoc For This Useful Post:
Posts: 74 | Thanked: 355 times | Joined on Aug 2017
#138
Originally Posted by gerbick View Post
Is it stupid of me to ask whether or not this move will produce products that are trustworthy? Too early to tell?
That is the big elephant in the room after this deal. The thing is: no one can tell by now.
From a technical point of view, Jolla's licensing model allows it's partners to access the SFOS source code, make adjustments and then use the resulting product. Some of those improvements can be backported into SFOS. So it is possible to implement backdoors unnoticed since a big part of SFOS (Silica) is not open source, meaning you can't review new changes for such implementations.
On the other hand, there is a big difference between Jolla Oy (which develops SFOS) and the Jolla Ltd which is the business construct for licensing SFOS and from which Russia Telecom now owns the majority of shares. If they get any influence (and if they do, how much of it) over the SFOS development with this deal is hard to tell. Only Jolla can tell, but probably won't. That's why there are all those wild speculations here.

Let's look at that matter from the perspective of motivation:
The first licensing deals in Russia for SFOS were to obtain an independent mobile operation system for governmental use which is not associated with the USA or China. With this motivation, you're target probably isn't to implement backdoors, but to make the system more resilient and safe to be protected against foreign intelligence services.
Now with the Russia Telecom deal and the focus towards consumer market, this changes. Seeing Russia's tendencies towards internet censorship and crackdown on privacy-friendly tools, I'd say there is a fair chance for adding backdoors as surveillance measures. This would probably affect the russian SFOS at first, but unfortunately it's not infeasible to find it's way back into SFOS itself (and be it unintended when someone forgets to remove it from a backport).
Again, only Jolla can tell about possibilities or countermeasures (if they are not bound by some kind of NDA). So in the end, all we can do now is wildly speculating and maybe look for (in-existent) alternatives.
From my point of view, the best way for Jolla to counter all those wild speculations and fears about russian influence would be to finally move all SFOS components to an open source license, so everybody can check the changes.

One final thought: We are arguing here about possible privacy violating implementations to our operation system in the future while it contains the unaudited closed source security sh*thole called Broadcom baseband from the very beginning.
 

The Following 19 Users Say Thank You to jenix For This Useful Post:
Posts: 133 | Thanked: 387 times | Joined on Jul 2011
#139
I was under the impression that these guys want to make their own downstream version. I think that should not affect sfos itself other than help it have money / dev resources.
 

The Following 3 Users Say Thank You to pexi For This Useful Post:
Posts: 74 | Thanked: 355 times | Joined on Aug 2017
#140
I brought this topic into the last Community Meeting. As expected, Jolla can't really comment on these speculations, since they are only speculations (what can they really say about it?). But James pointed out that the backports (improvements to SFOS components) from their licensing partners usually affect packages from the MER project, so they are already open source and can already be tracked and reviewed.

Regarding publishing the code of the yet closed parts of SFOS, Jolla's argument seems to be that they won't be able to handle additional stuff like reviewing commits and pull requests from the community. They also seem to be afraid of forks being made when they release the code.

You can read all in the Log of the meeting here, starting at around 08:08.
http://merproject.org/meetings/mer-m...08.00.log.html
 

The Following 8 Users Say Thank You to jenix For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 13:01.