-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 07/07/2014 11:39 AM, Dave Morley wrote: > On Mon, 7 Jul 2014 11:22:01 -0400 Rick Spencer > <rick.spen...@canonical.com> wrote: > >> On Mon, Jul 7, 2014 at 7:31 AM, Alan Pope >> <alan.p...@canonical.com> wrote: >> >>> We have had a few new "apps" uploaded to the click store which >>> I have concerns about. >>> >> .... >> >>> >>> Here's some links for context. >>> >>> https://myapps.developer.ubuntu.com/dev/click-apps/881/ >>> https://myapps.developer.ubuntu.com/dev/click-apps/859/ >>> https://myapps.developer.ubuntu.com/dev/click-apps/880/ >>> >>> The one (from the same user) which troubles me more is this >>> one:- >>> >>> https://myapps.developer.ubuntu.com/dev/click-apps/905/ - >>> "Antivirus" >>> >>> This app does _nothing_. The entire content of the app is one >>> html page which says it's WIP. >>> https://pastebin.canonical.com/113043/ . Putting an "AV" app in >>> the store sets a bad example early on. "Why do they need an AV >>> system, I thought their security policy made apps secure?". >>> >> >> To be honest, an AV app that does nothing could be construed as >> malicious, in my opinion. >> >> Cheers, Rick > > Is there a way we can do a check that the support url actually > shows a webpage or actually exists and reject the app if it > doesn't? Looking at his it is a non-existent page. > > > It would probably require a firewall rule change to allow MyApps to make an out-bound HTTP request, and IS might have concerns about that from the security perspective, but technically it would be easy. Michael Hall mhall...@ubuntu.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTusBoAAoJEInUYcGJgfVy7g4P/jGinTuyUPcE5pFgEVes2yzS 0IxUyrgyqpn+IO3CI+LDgYZtTL9F3bh1474AM1ut+/B9b0ZTYpIGJNQbmYDGBAj2 tYdyhvuYU61+SFeCUvvEUz2+FB53Yh8lq8MLZA+qY6AfA6nlHFIyjvUaOrbn6wgE O1Jd6x4ZxigJHZ7w50p5vVUjH/tWu9D4DbNWhSCJV4HJNH/XRGp13wWQVrTl2TXe i9tOlwTo8nOgfot5AASpYOvMnS9XACL2tKuxiLmwT5YAJndjsAPm7pKzx1JCS8cm KNHsY9s8Tv5bEQ/rfi9B7b7WPqWTbCrWCkqg9B08Ib3sf88JaTpVy56KAZrw9S2K 6Baa6UNVDNa7nYuZBap0fGWarscWPLuWMt2b0NEVSLZUIbA6AJe7Y/S6Z4wVhpaY VOkhTMt65wArGLSU9KSoMorcotoQJN6e5WjwylJSG2SxE3n2IbbR4no0wg/rjN0u 42eqWy7rCYVcRK/8RwcwvtWZNy9+NlFOcx1tE5homxNV1lugSdFuaYIZhp6nMBNj XuHZU7wNOpsb6I1uWRE7kPF+nm97q9zLkMY0PyrU8c4lLUk+tYSeI+R9coT1gVmG YqzF18j5lfhiiUBQlMZEgcR6GKsOy14kXsNGrMaYgCHjtg6T7aK8enHDAnNNviQB 99/TscvREJjAq37woZbO =wUS8 -----END PGP SIGNATURE----- -- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : ubuntu-appstore-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
