So with shared source codes with selected 3rd party you'll enable them to explore new backdoors and make custom compiled version with added backdoors.
Also since the parts in question is closed source the public won't be able so spot differences in custom vs. vanilla Sailfish parts or search for backdoors themselves.
How can this be labelled as secure?
It's secure from their partners' point of view. Just as it's 'full open source' only from their partners' point of view.
It's secure from their partners' point of view. Just as it's 'full open source' only from their partners' point of view.
Which is fair enough. He who pays the piper calls the tune.
Which brings me back to the point I've been trying to get across for years. Jolla is NOT the open-source messiah some would like to see it as. It is just another company trying to make a living.
Actually, isn't it the case large-enough governments can get full source code access to most operating systems, even Windows, under appropriate non-disclosures and other conditions etc?
And what would change if they are?
Would that atract new OEMs to make HW with sailfih? No.
Would that made carriers to support it? No.
Would that made 183643 new developers? No. And particulary BIG NO since from inception for some misterious reasons Jolla does not support paid apps and does not won't people to make money on their work. Meanwhile, I just paid 80€ to sygic a few days ago so that I can have mirrorlink function within their nav app.
Would that made various different 3rd party apps that we need or use on a daily basis or here and there, but still use, on other platforms suddenly appear on sailfish? No.
Signal is apparently way better option than Telegram because it's fully open........But AFAIK they don't allow access to 3rd party apps. So how is that better than any closed source app?
There's 66538 different problems with Jolla and sailfish but a few closed source components are not one of those.
So Jolla will oversee any code going back in to SailfishOS to maintain independent offering. Leaking code is probably prohibited by commercial contracts.
This doesn't mean that any 3rd party with source code access could omit telling Jolla about found security bugs and use these as backdoors.
Also an NDA doesn't guarantee that source code won't get leaked even trough it's prohibited. Just look at the recent leak of iBoot code.
As I've understood from your picture Jolla doesn't have access to Sailfish RUS specific source code meaning backdoors could be inserted without Jollas knowledge. Only into the RUS specific version though.
This doesn't mean that any 3rd party with source code access could omit telling Jolla about found security bugs and use these as backdoors.
Also an NDA doesn't guarantee that source code won't get leaked even trough it's prohibited. Just look at the recent leak of iBoot code.
As I've understood from your picture Jolla doesn't have access to Sailfish RUS specific source code meaning backdoors could be inserted without Jollas knowledge. Only into the RUS specific version though.
That'd be a GPL violation right there. Which translates into a higher risk for the players (for example the RUS specific version).
Bottomline : get caught with your pants down, and it's trouble
EDIT : this for the OPEN components. It might actually be that Jolla will be forced to open up the (remaining) closed ones for security validation.
