Re: Update 1.0.9.n this week?
 

you dont trust package built from sources in public obs? go and build latest bash with security patches yourself. oh, you dont believe patches from internet and dont want to apply it to sources, still sitting and waiting for OS maintainers to deliver you these modifications?

Re: Update 1.0.9.n this week?
 

I actually thought they would integrate younited with Jolla for automatic photo uploads etc. but yeh... not installing the android app.

Re: Update 1.0.9.n this week?
 

How do I know that is where it is built from?

Re: Update 1.0.9.n this week?
 

i'm using my brain to know what i need. is there any alternative to brains in our universe?

Re: Update 1.0.9.n this week?
 

Well, you can always just fetch the package directly from OBS. :)

BTW, there was a talk about an OBS bridge for OpenRepos - any status updates Basil ? :)

Re: Update 1.0.9.n this week?
 

How do I know that regarding Jolla's updates?
The keyword here is 'trust'. I trust Jolla and I trust OpenRepos.net Everything you do and use with your Jolla is a matter of trust, bro.

Re: Update 1.0.9.n this week?
 

OK, good for you. I don't trust OpenRepos.net.

Re: Update 1.0.9.n this week?
 

Quick reply...

What is the part that you do not trust: the compiler or the code? If compiler, then compile it yourself, like Gentoo, or feed it to a trusted builder. If code, then read it, or wait for the developers whom you trust to read it.

Best wishes.

Re: Update 1.0.9.n this week?
 

You have no idea how amused I am that "smart watch" got presumably hit by the forum swear filter.

Re: Update 1.0.9.n this week?
 

QA is the easiest, most obvious missing part. I can't even count the number of times I've upgraded a desktop linux distro and ended up with a nonbooting system, or a system that won't boot to UI, or broken audio, or, or, or ... you get the idea.

Seeing the number of distros that ship complex things like Qt virtually unpatched at the .0 minor release, after knowing the amount of effort we had to put into 5.1.x and now 5.2.x to get them to a remotely product-capable level, makes me realise that the people testing them aren't really testing them at all. Either that or they're testing with a "hello world".

Same with virtually every other piece of software in the world, unfortunately, although most aren't quite as large/complex (in terms of LOC).

A consumer product has to try much, much harder to avoid problems like those. And as it gets older, the compatibility matrix gets a lot bigger. And when it's open/hackable, the testing matrix is even bigger still, because you don't know what jerk decided to do some absolutely crazy thing to their system six months ago that they long since forgot about.

It's a pretty hard problem. A solvable one, with enough hands, but those aren't infinite.

Re: Update 1.0.9.n this week?
 

Right, except that we don't have bundling of all dependencies of an application. Welcome to Linux, enjoy your horribly uncomfortable stay unless you have a large team of people who know what API/ABI stability are, and can also claim to keep bug compatibility.

(I've yet to meet those people, unfortunately)

The impact of this is that if you just upgrade one part of things, you massively bloat out the number of combinations you have to test. And if any of those have a problem, and you miss it, well done - you just broke an application for an end user.

Re: Update 1.0.9.n this week?
 

Hey woot. Welcome back. Didn't you steal the latest update before you left. Bring us the leak. We won't tell anyone :D

Re: Update 1.0.9.n this week?
 

Neither or either. It doesn't matter. There is a trusted set of developers that have a duty to ensure a change is good and appropriate.. Jolla.

It's the same reason I take patches and updates from a restricted set of repos on my web servers rather than just finding a patch online and recompiling it. I can't review code for every change so I rely on professional companies with QA and support contracts.

Re: Update 1.0.9.n this week?
 

lol. If you dont know where to find the original sources, then dont install it.
hint! its GNU bash - use this search to find official patches
https://www.google.com/webhp?sourcei...+gnu+bash+4.3+

Re: Update 1.0.9.n this week?
 

If you want more laughs, http://talk.maemo.org/showthread.php?t=93648 (edit: wait, you already knew this :) ).

Re: Update 1.0.9.n this week?
 

/me explodes.

Re: Update 1.0.9.n this week?
 

Re: Update 1.0.9.n this week?
 

So on one side you have things like Debian Stable which ship 2-5 year old packages and take years to "stabilize", and on the other hand you have rolling distros which explicitly have minimal QA only (a glaring example is Sid).

You'd be surprised at the number of users Sid has.

I'm not saying one method is better than the other, but there's definitely some significant number of users that would choose "MOAR updated" even if it meant "it crashes every other day". I mean, google for "$DISTRO 'unstable' branch does not deserve its name, it's actually quite stable!!!!"-like posts where you get lots of people with questionable definitions of "quite stable".

Note personally I don't care about this. I use Gentoo stable, which is still stuck at a gcc version not much newer than what Jolla ships today, and Qt 4.8 .

Re: Update 1.0.9.n this week?
 

Of course I understand the problems. Nevertheless it is achievable.

Re: Update 1.0.9.n this week?
 

I appreciate the work you do over on openrepos, but the guy has a point about QA. That's the main difference between updates from you guys at openrepos and Jolla, and it's perfectly acceptable for someone to want to wait for the official package from Jolla that's undergone the sort of rigorous QA w00t is describing. That's the trust he's talking about - not suspicion of malicious code.

The problems back in March with bash are a clear example of that. It shouldn't be up to you guys to do extensive QA, so most people should get their stuff from Jolla and the store so they can be sure their phone will (mostly) keep working.

Re: Update 1.0.9.n this week?
 

There is a also a surprising number of people running Fedora Rawhide (and they have been doing that for years). :)

Re: Update 1.0.9.n this week?
 

But then again: it's still a matter of trust. Now I trust Jolla (and openrepos.net), but fact is: nor you nor me knows anyone personally at Jolla, nor do we get to look into what they compile into system updates. So how do you know you can trust them? Same thing as with openrepos.net: you just do.

Re: Update 1.0.9.n this week?
 

There's a way to solve the problem though: make the beta/RC system update process public. By which I mean: make it like an option in Developer Mode to allow beta/RC updates (with some warning or agreement along with it) so that users who really want to be more on the cutting edge side of things can do so.

Re: Update 1.0.9.n this week?
 

there is already one, but only sailors allowed to use it.

Re: Update 1.0.9.n this week?
 

If Jolla were to ship a flasher, then that sort of thing would be significantly easier. Not having that means it's a much more complicated process, as messing it up (or more likely, us messing up) =~ send your device in for repair.

That's not to say it's a likely scenario. I think I can count on one hand the number of times I got my Jolla to an unbootable state while working at Jolla, and most of those were my fault. But it's still a valid problem.

Re: Update 1.0.9.n this week?
 

As a long time release Fedora user I take this was meant as a comic relief. ;D

Doing that for years, perhaps one hour at the time... :D

Re: Update 1.0.9.n this week?
 

At least IMNSHO both of those are pretty awful options. I shouldn't have to choose between "recent enough to do what I need to do" and "stable enough that I can actually do it".

I really don't think the distribution design scales well with the volume of software there is out there.

If we had a stable base platform (API/ABI/etc) to build on, then life would be a lot simpler, and we could simply let developers release their own redistributable builds instead of everyone trying to package them & manage the packages (often independently of upstream, occasionally with very bad consequences when a mistake is made, which debian's run into in the past...).

On top of that, market forces would also help to dictate which software required extra "stability" treatment (through LTS releases etc, supported by entities like Jolla that had additional requirements on top of "whatever upstream decides to release today")

But, this is all a rather scary divergence from the status quo, and the likeliness of it actually happening is questionable.

Re: Update 1.0.9.n this week?
 

Depends on what agreement you push forward. Palm with their webOS devices did repairs under warranty even if you bricked your device due to flashing. But for example Huawei with their Android devices doesn't. If you choose the latter, then it would discourage some people to flash their Jolla but that could also be a good thing because then only select people would take the risk. Which makes it worth it to open up the beta/RC testing to the public.

Re: Update 1.0.9.n this week?
 

*cough* one more reason to ship a flasher! :D

Obviously. But that's impossible to do unless you artificially hide the most recent stuff, which is what "surprise mentality" (ah, maemo times) companies do. Whether that is preferable or not to the "brutally honest" model is up to each one...

I don't think this is in any way inherent to the 'current' GNU distribution model, but rather inherent to every software distribution model.

Re: Update 1.0.9.n this week?
 

Just to be clear, I mean absolutely no disrespect to the people that ship stuff on OpenRepos. It's just not for me. If my Jolla wasn't my main device then I'd experiment more perhaps.

I appreciate that people are putting their work on there simply because Harbour is currently too restrictive for them and hopefully that will change 'soon'.

Re: Update 1.0.9.n this week?
 

So YouNited OS integration is coming after all: https://twitter.com/zwemdisco/status/517994538468904960

Re: Update 1.0.9.n this week?
 

I'm bit confused by that tweet?

Re: Update 1.0.9.n this week?
 

https://mobile.twitter.com/JollaHQ/s...99573785382913

Native Younited app is certainly coming...

Re: Update 1.0.9.n this week?
 

The tweet doesn't really seem to say that. It says support for Jolla will be delivered via plug ins. That suggests the main app will remain Android.

Re: Update 1.0.9.n this week?
 

I understand it as the 'normal' way for that sort of apps. Not an application per se but integration at different place of the OS.
Sounds good to me.

Re: Update 1.0.9.n this week?
 

Well... I don't say anything then. If no native, it is nonono for me.

Re: Update 1.0.9.n this week?
 

... and soon! Now that they wasted 7 months for an Android version that has no clean solution for either up- or downloading to/from the cloud, I'm sure the native application will be a matter of hours.

Re: Update 1.0.9.n this week?
 

On system updates from OpenRepos vs. from Jolla. Let's say I have a Honda still under warranty. Now something banal breaks, e.g. the interior light. I call Honda and they tell me sorry, we are currently busy and out of parts, but your next scheduled service is coming, we will look at it then. Do I accept? Sure.

Compare it with when something crucial breaks, e.g. a brake light swich. I step on the brakes but the lights at the back of the car don't light up. Clearly not a desirable situation on a motorway. Would I accept the same conditions? Definitely not! I go to Johny down the road who has a good reputation and can fix it right away.

Of course, I could go to Johny with the banal fix too. So why don't I? Because the car is under a warranty and it is Honda's job to fix it. So is the crucial fix, but that can't wait, so Johny wins.

It's up to you whether you consider insecure Bash a broken brake light switch or a burned out interior light. Depending on your decision, install it now from OpenRepos or wait for Jolla. End of story.

Re: Update 1.0.9.n this week?
 

You're forgetting the fact that if Johnny changes your brake lights and afterwards your car won't start and it's clear that Johnny broke something, then Johnny will be under some sort of obligation to fix it. With Openrepos, Johnny doesn't test whether the brake lights he has in stock work with your Toyota, and takes no responsibility if they don't.

If you're good enough with cars, then you can fix it yourself, but then you might as well have bought a brake light yourself and fitted it. But if you don't know what goes on under the hood, then you're better waiting for Toyota to fit you in.

Re: Update 1.0.9.n this week?
 

@billranton: And you're forgetting the fact that testing any packages says nothing about whether it'll work as promised or not. Look at Apple's iOS 8 updates so far. They've broken more than they've repaired. But they've tested them though.