Request For Candidates: Application Review Board
Robert Collins
robert at ubuntu.com
Tue Aug 17 21:13:49 BST 2010
On Tue, Aug 17, 2010 at 1:11 PM, Allison Randal <allison at ubuntu.com> wrote:
> What we have now in the PostReleaseApps process is a very conservative
> toe-test of the waters. Several comments in this thread are around the
> general theme of "How is this any different/better than REVU?" Well, it
> really isn't yet. There are important security and quality reasons why
> our current packaging process is what it is. It's a solid, reliable
> process and we won't diverge far from that in the first round. But
> there's great potential in the future. For example, Android and Scratch
> can be so completely open to new app distribution because the code runs
> in a tightly controlled sandbox, with guarantees that the worst a bad
> app can do is crash itself (think "PyPy sandbox" but better).
One thing to note is that security and privacy researches have found
whole new ways for these apps to misbehave. Some staggering percentage
( I don't recall what it was offhand ) of legitimate phone home with
personal details garnered from the phone, that the user wouldn't
consider reasonable to be gathered and transmitted.
In some countries these apps will be illegal because they violate
privacy laws :)
I'm very interested in how we'll ensure that this sort of bad
behaviour doesn't sneak in.
-Rob
More information about the ubuntu-devel
mailing list