[SailfishDevel] Scriptlets in RPM hot allowed to Harbour

Martin Kolman martin.kolman at gmail.com
Sat Jan 11 12:51:13 UTC 2014

11.1.2014 13:34, Alejandro Exojo:
>> QA can check if post script doing some good job and allow it?
> If the script is simple, yes. If it is not, there is a serious risk that
> somebody adds a trojan horse to the phone.
> That would mean that somebody has to define what is a simple script. And that a
> problem in QA could mean a trojan horse is added to users' phones.
And yet normal Linux distributions like Fedora, Debian, Ubuntu or 
openSUSE manage to check their tens of thousands of packages just fine...

BTW, I would be more concerned of closed source binary-only packages 
being submitted to the store, than about scripts you can actually read.
The blob can on the other hand do anything without QA having any 
reasonable means to check for that.

More information about the Devel mailing list