Frantisek Dufka wrote: > Aniello Del Sorbo wrote: > >> Yes, and the Application Manager (by looking at the packages flags >> somehow) could tell if this is a system app (and thus ask the User to >> enter somekind of passphrase) or a user app (thus installing it with >> no hassle). Asking the User for a kind of passphrase will give >> Application Manager root privileges and thus dpkg could be ran as root >> and those apps would install as usual and do their (good) job. >> > > And how is this different from the current warning about non Nokia > application? I simply fail to see any additional security. > Because people don't usually read warnings and tap OK too fast. Entering a passphrase makes them think. If a package is not labeled as a system one, it can be installed without even the warning (as it would be installed as 'user'). Again, I am not saying that with that system you are safe. There's no way to be safe. I am only saying that that system makes it a bit harder to brick the device, but my whole point at the beginning was to only tell people that dpkg does not require root privileges. The discussion went on and I throwed away this idea that, a part from giving a slight (let's call it) safer installation system, COULD give the chanche of installing apps on the memory card (and this is totally unrelated with the security issue). At almost NO additional cost. > So you basically want another similar dialog telling you this package > (dropbear) can really mess your system? > No. -- anidel PS: I think we can stop the discussion here :)
