On Nov 26, 2009, at 13:45, Lucas Maneos wrote:

>> - Suppose tomorrow a security hole is found in openssh, if it's not visible
>> in h-a-m how will users know about it?

This is orthogonal. If someone who installs openssh via apt-get hears that they 
need to upgrade, they'll upgrade via apt-get. If they use HAM, they'll use ham. 
The question is how do they get informed?

This begs the question(s): does maemo.org have a security team? Do they 
communicate CAN vulnerabilities? Do we have a security policy? 

> 
> This is the biggest issue IMHO.  In plain words: the platform package
> management is a Good Thing(TM), and packages shouldn't fall
> outside it, especially not for arbitrary reasons like they don't have a
> GUI.

This is hardly arbitrary. It is based on the observation that non-GUI apps are 
hard to use for end users. Do you not agree?

Jeremiah



_______________________________________________
maemo-community mailing list
maemo-community@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-community

Reply via email to