[SailfishDevel] Scriptlets in RPM not allowed to Harbour

Martin Kolman martin.kolman at gmail.com
Sat Jan 11 12:51:13 UTC 2014


11.1.2014 13:34, Alejandro Exojo:
>> QA can check if post script doing some good job and allow it?
> If the script is simple, yes. If it is not, there is a serious risk that
> somebody adds a trojan horse to the phone.
>
> That would mean that somebody has to define what is a simple script. And that a
> problem in QA could mean a trojan horse is added to users' phones.

And yet normal Linux distributions like Fedora, Debian, Ubuntu or 
openSUSE manage to check their tens of thousands of packages just fine...

BTW, I would be more concerned about closed source binary-only packages 
being submitted to the store than about scripts you can actually read.
The blob can, on the other hand, do anything without QA having any 
reasonable means to check for that.

