Request For Candidates: Application Review Board

Philipp Kern pkern at
Tue Aug 17 21:25:10 BST 2010


am Wed, Aug 18, 2010 at 08:13:49AM +1200 hast du folgendes geschrieben:
> On Tue, Aug 17, 2010 at 1:11 PM, Allison Randal <allison at> wrote:
> > What we have now in the PostReleaseApps process is a very conservative
> > toe-test of the waters. Several comments in this thread are around the
> > general theme of "How is this any different/better than REVU?" Well, it
> > really isn't yet. There are important security and quality reasons why
> > our current packaging process is what it is. It's a solid, reliable
> > process and we won't diverge far from that in the first round. But
> > there's great potential in the future. For example, Android and Scratch
> > can be so completely open to new app distribution because the code runs
> > in a tightly controlled sandbox, with guarantees that the worst a bad
> > app can do is crash itself (think "PyPy sandbox" but better).
> One thing to note is that security and privacy researches have found
> whole new ways for these apps to misbehave. Some staggering percentage
> ( I don't recall what it was offhand ) of legitimate phone home with
> personal details garnered from the phone, that the user wouldn't
> consider reasonable to be gathered and transmitted.

FWIW the application install process on Android asks for an insanely long list
of privileges to grant when you install an app.  Of course it's the app
requesting this privileges, but at some point you will have users just
acknowledging the install process despite of it, because they really want the
app.  I'd suppose that this also happened in the case you refer to and that
it was not a sandboxing failure.

Kind regards,
Philipp Kern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : 

More information about the ubuntu-devel mailing list