> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Sven Ruin > Sent: Friday, February 28, 2014 12:00 AM > To: [email protected] > Cc: [email protected] > Subject: Re: [Tizen General] Tizen security > > The revelations about Nokia-Microsoft-NSA (see for example > www.computerworld.com.au/article/539173/nokia_hot_water_over_finland_pr > ivacy > _flap/) does make you wonder how often security/privacy is just a marketing > pitch. Even if Tizen is hardened by design, which should protect against > threats > from ordinary hackers, I would be interested to know if there is any policy or > other measures (existing/planned) to prevent that security/privacy is > compromised by the companies involved or government agencies?
For starters, there are corporate policies against this sort of behavior. For finishers, it would be a wholesale breach of ethics. I work in the community, and worked in the community long before it was part of my job to do so. I defended the people at the NSA when there were hints there might be backdoors in SELinux. No, we're not doing that here. Every bit of cred that I have developed over the past 35 years is on the line. Ask the question, it's a fair question to ask, and look at the code, it's all there for you to scrutinize. > Sven > > > -----Ursprungligt meddelande----- > Från: [email protected] > [mailto:[email protected]] För Sven Ruin > Skickat: den 9 januari 2014 07:25 > Till: 'Carsten Haitzler (The Rasterman)'; 'Jason Ross'; 'Schaufler, Casey' > Kopia: [email protected]; [email protected] > Ämne: Re: [Tizen General] Tizen security > > Thank you for the replies, which make me very hopeful about Tizen. I would > like > to add that it is very important that users can be sure that there is no > backdoor, > software updates that the user can't control, etc. Please don't repeat the > mistakes others have done (see e.g. > http://www.technobuffalo.com/2013/08/22/nsa-windows-8-exploit/). > > Sven > > > -----Ursprungligt meddelande----- > Från: Carsten Haitzler (The Rasterman) [mailto:[email protected]] > Skickat: den 8 januari 2014 01:09 > Till: Schaufler, Casey > Kopia: Sven Ruin; [email protected]; [email protected] > Ämne: Re: [Tizen General] Tizen security > > On Tue, 7 Jan 2014 16:45:30 +0000 "Schaufler, Casey" > <[email protected]> said: > > i'd say there is an objective thing to tizen (at least for tizen 3 on)... > smack > allows us to have multiple users AND application containering (via smack) into > their own "effective" uid. android re-used uid's for each app "container" so > we > lost multi-user... unless android goes using groups for users... but then you > can > have users and not groups... :) tizen has 1 EXTRA layer of containering for > apps > vs android. that allows more control and still a familiar user model for > developers, system builders, etc. > > > Tizen is taking security very seriously. We are using the Smack Linux > > Security Module to provide mandatory access control. We are taking a > > very aggressive stance with regard to keeping system services > > protected. There > is > > unlikely to be a hardened version of Tizen simply because we are > > creating > a > > hard system by design. It is our intention that Tizen will be more > > secure than the alternatives, even those that have been augmented to > > meet special needs. There will always be debates about which security > > scheme is best > and > > where the line between security and user experience should be drawn. > > There isn't an objective security measure, so there will be a > > component of > personal > > judgment in any comparison. By putting security into the initial > architecture > > we believe that Tizen will compare well with any other system in the > > marketplace. > > > > > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Sven Ruin Sent: > Monday, > > January 06, 2014 9:45 PM To: [email protected] > > Cc: [email protected] > > Subject: [Tizen General] Tizen security > > > > To the Tizen community, > > > > As you may know, some find it hard to see what Tizen has to recommend > > over existing products. I'm not yet familiar with Tizen, but think one > > of the > most > > important advantages that Tizen could hopefully bring is a higher > > level of security. Therefore I wanted to ask if Tizen will really be > > much more > secure > > than other alternatives, in particular Android, even if Tizen will one > > day capture a large market share? > > > > For background information, see for example F-Secure's Mobile Threat > Report > > Q3 2013 on http://www.f- > secure.com/en/web/labs_global/whitepapers/reports. > > > > Best regards, > > > > Sven Ruin > > > -- > Carsten Haitzler (The Rasterman) <[email protected]> > > _______________________________________________ > General mailing list > [email protected] > https://lists.tizen.org/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > https://lists.tizen.org/listinfo/general _______________________________________________ General mailing list [email protected] https://lists.tizen.org/listinfo/general
