On Wed, Jan 5, 2011 at 2:40 PM, Dianne Hackborn <[email protected]> wrote:
> The current version of Android is available to you. This is the same code > that is shipping on the very most recent devices. > Generally, once a product has shipped, it is no longer the -current- -development- version. > Did I ever say an IME can not be malicious? No I did not. In fact I have > said multiple times now that an IME is intrinsically in a good spot to be > malicious, so you as a user must trust one you are using, which is why the > warning dialog is there. > > I think we agreed here, actually... > As far as what HTC has done -- *everyone* has shipped an Android device > with a security hole, like any other platform. Whether they put the log in > their IME or in the framework somewhere where it dispatches events, I don't > see that this makes much of a difference. It's a security hole either way, > which was found, reported, and relatively quickly fixed. > > And here too. > On Wed, Jan 5, 2011 at 11:09 AM, Disconnect <[email protected]>wrote: > >> What does that your aspersion have to do with getting the actual current >> dev tree instead of the old versions on the website? (And at the end of the >> day, actually, none of it has anything to do with the original question, >> which I think was answered: yes, an IME can be malicious, and HTC has even >> shipped one that way. With, of course, no prompt to the user since it came >> pre-installed.) >> >> >> On Wed, Jan 5, 2011 at 1:57 PM, Dianne Hackborn <[email protected]>wrote: >> >>> On Wed, Jan 5, 2011 at 10:32 AM, Disconnect <[email protected]>wrote: >>> >>>> Great, where do I get access to the latest dev tree? >>>> source.android.comseems to only carry old versions that are thrown over >>>> the wall >>>> occasionally.. >>> >>> >>> I have personally been reviewing and approving a couple changes a day, in >>> the core framework. There is nothing stopping you from contributing a patch >>> except your own abilities. >>> >>> -- >>> Dianne Hackborn >>> Android framework engineer >>> [email protected] >>> >>> Note: please don't send private questions to me, as I don't have time to >>> provide private support, and so won't reply to such e-mails. All such >>> questions should be posted on public forums, where I and others can see and >>> answer them. >>> >>> >> > > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
