maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   MeeGo / Harmattan (https://talk.maemo.org/forumdisplay.php?f=45)
-   -   What is aegis [MSSF] and how does it affect Free Software development? (https://talk.maemo.org/showthread.php?t=76635)

momcilo 2011-09-12 22:58

What is aegis [MSSF] and how does it affect Free Software development?
 
It was mentioned several times, I've decided to create this thread to determine what is aegis, and how it will affect us.

In short aegis is actually part of:
Mobile Simplified Security Framework (MSSF)

EDIT: Renamed the topic title.
EDIT2: Renamed again

AlMehdi 2011-09-12 23:07

Re: What is aegis?
 
Aegis is the new security framework of Harmattan. A pain in the *** if you ask me.

Radicalz38 2011-09-12 23:09

Re: What is aegis?
 
If you ever used symbian it's more of the security thingy they made that you cannot install unsigned applications.

Acidspunk 2011-09-13 00:05

Re: What is aegis?
 
Do you need to have a certificate and sign all your apps like symbian? That was a major pain in the ***. Especially for homebrew apps.

marxian 2011-09-13 01:40

Re: What is aegis?
 
You don't need to sign applications, but applications need to request permission to access the tracker, use dbus etc. This is done by including a .aegis file in your .deb package that uses an XML-like syntax.

Radicalz38 2011-09-13 05:30

Re: What is aegis?
 
Still same like symbian...

Symbian = Without .cer & .key to sign your sisx files = No Permission
Meego = Without .aegis to include in your deb files = No Permission

tuxsavvy 2011-09-13 07:05

Re: What is aegis?
 
Aegis here in detail thanks to joerg_rw. Paraphrasing some quotes (from infobot on #maemo IRC channel):
Quote:

Originally Posted by infobot
The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.

More information is also available on wikipedia according to infobot

ajack 2011-09-13 07:36

Re: What is aegis?
 
Thanks for this discussion, am skipping the N9 then... I saw how such a mechanism killed UIQ3 on Symbian...

momcilo 2011-09-13 08:58

Re: What is aegis?
 
Quote:

Originally Posted by marxian (Post 1087184)
You don't need to sign applications, but applications need to request permission to access the tracker, use dbus etc. This is done by including a .aegis file in your .deb package that uses an XML-like syntax.

Thank you for pointing me to the right direction. The first time the aegis was mentioned I've failed to find online documentation (either due to the missing "dbus" keyword or it simply was not there)

For all interested Harmattan documentation on security is here.

The information on aegis syntax is here.


So far it sounds like TPM, which if it is true s*** big time.

javispedro 2011-09-13 09:06

Re: What is aegis and how does it affect Free Software development?
 
Sadly, the problem with Aegis comes with its policy; currently, you are still to see <sarcasm> "the best of it" </sarcasm> :): its current policy is rather allowing to applications from the unknown source (aka unsigned applications).

How this policy will be in later firmwares is something I don't know. The hints that are in the current firmware's restok.conf file do not look good, but for the time being, I am giving them the benefit of the doubt.


All times are GMT. The time now is 07:07.

vBulletin® Version 3.8.8