[Meego-architecture] [MeeGo-dev] MSSF manifests in RPM

Ryan Ware ware at linux.intel.com
Mon May 2 12:37:53 PDT 2011 

On 5/2/11 7:12 AM, "Alberto Mardegan" <mardy at users.sourceforge.net> wrote:

>(moving thread to meego-architecture)
>
>On 05/02/2011 04:53 PM, Arjan van de Ven wrote:
>> On 5/2/2011 5:39 AM, Alberto Mardegan wrote:
>>> Hi all,
>>> what is the current state of MSSF manifest files in MeeGo?
>>
>> the current state is that MSSF is not part of, or integrated into,
>>MeeGo... and
>> won't be.

To be explicit, portions of MSSF were incorporated into the
devel:security:mssf sandbox in OBS.  However, a complete solution never
made it into MeeGo and MeeGo will not be using MSSF as a future solution.
We will be using different Linux technologies to support many of the same
security goals.

>Mmm... but I think we all agree that a security framework is needed. What
>will 
>it be, then?

We will have a broader security framework.  There have been discussions on
different aspects of it on the meego-security-discussion mail list.  A
final framework should be published by the end of May.

>In your mail from March 7th, you announced that the long term focus for
>the 
>MeeGo security would be end-user privacy. To me, that also means having
>the 
>means for a process which "owns" some of the user data to establish the
>identity 
>of another process which requests access to the said data. IMHO, this is
>something that MSSF is doing very well in Harmattan, so I hope that this
>possibility will also come to MeeGo.

Having this ability is not unique to MSSF.  There are other Linux
technologies that are applicable to this.

>Without this, you basically cannot give different access rights to
>applications 
>which are coming from a trusted origin (such as the device manufacturer
>or an 
>approved application store) and applications coming from the community.

As I said above, there are other Linux technologies to do this.  For
example, Android does this via uid/gid separation.  I think that is
inadequate in and of itself, but am using it simply to illustrate the
point.  

Ryan

>Ciao,
>   Alberto
>
>-- 
>http://blog.mardy.it <-- geek in un lingua international!
>_______________________________________________
>MeeGo-dev mailing list
>MeeGo-dev at meego.com
>http://lists.meego.com/listinfo/meego-dev
>http://wiki.meego.com/Mailing_list_guidelines

More information about the MeeGo-architecture mailing list