[Dev] Antwort: RE: Re: WG: RE: Antwort: Re: Privilege Platform

Robin Wertz robin.wertz at clausohm.de
Thu Oct 27 09:34:04 GMT 2016


Hi, 
2. is fault. You can use sdb install when your gear is connected over 
wifi.





Von:    김보곤 <bogon82.kim at samsung.com>
An:     하이츨러 <c.haitzler at samsung.com>, 김보곤 
<bogon82.kim at samsung.com>
Kopie:  Robin Wertz <robin.wertz at clausohm.de>, dev at lists.tizen.org 
<dev at lists.tizen.org>
Datum:  27.10.2016 11:19
Betreff:        RE: Re: [Dev] WG: RE:  Antwort: Re:  Privilege Platform



Two points I would like to insist is
 
1.
I believe blocking sideloading is very good way to protect to snick out 
paid-application to the public which is asset of developers.
As you can see, I'm a member of gear watchface designer which provide 
designer tools to create gear watchface.
We did lot's of effort so now designer needs only minites to get the 
certificaiton information not like ios does.
This also contributed to Tizen Studio.
As a result, lots of designers can join to tizen eco system with very 
quality watchface application.
And this is one of reasons people like gear watch series.
When we want to get trust by designers and developers for high quality 
application , we need this mechanism.
 
2.
"sdb install"
Please do not assume sdb can be used only USB is connected.
Gear series has no USB, can connect sdb through wifi.
As a result, gear has more flexible design point without usb port.
 
"sdb install" in reference phone.
reference phone, you can install application with "sdb install".
We need reference phone for the developers convinience not freeing 
sideloading.
 
BRs
--------- Original Message ---------
Sender : 하이츨러 <c.haitzler at samsung.com> Master/S/W Platform팀(S/W센터)/
삼성전자
Date : 2016-10-27 17:53 (GMT+9)
Title : Re: [Dev] WG: RE: Antwort: Re: Privilege Platform
 
On Thu, 27 Oct 2016 08:32:58 +0000
김보곤 <bogon82.kim at samsung.com> wrote:

> Samsung Enterprise Portal mySingle
> 
> What you explained is what android does.

I know that.

> What we do is what ios does.

I know that.

And all the effort of "Tizen is Open Source" falls flat on its face the
moment we do this. The simple answer is "Android is a far more Open Os
that Tizen is and that is my honest advice to anyone. This is a shame
but it is the truth." and this is the actual response from people who
run into this certificate "I need permission to buy my own furniture"
thing.

If you actually read feedback from developers you'll find it's one of
*THE* most painful thing about dealing with Apple and that development
environment.

"Why I hate iOS as a developer"

https://medium.com/@Pier/why-i-hate-ios-as-a-developer-459c182e8a72#.abqom74n7


Read "Certificates and provisioning profiles"

If you wish to invoke the way Apple do things... then I shall invoke
the response from developers like above. And this response is far from
unique. I can find a lot of pain people go through.

But even worse, why don't you spend some time speaking with open source
developers you will give you an earful on just how insulting such
treatment of developers is. I do this. You should. This is a great way
to send developers away, not attract them. And people wonder why
developers are not flocking to write apps for Tizen.

> And tizen has decided ios way from very beging of tizen.

Actually that is COMPLETELY wrong. From the very beginning Intel pushed
very heavily for side-loading WITHOUT restrictions. I was there.
Samsung pushed for not even allowing it at all. In the end we kind of
got our way with this "You can side-load but only if we give you
permission" method.

> Both way has pros and cons and deciding which way is just platform
> policy without exact answer.

And I'm saying that we chose the worst possible way. It goes against
everything Open Source is about. I've been in the Open Source world
for over 20 years. I have a good idea of what it really means. This
kind of certificate thing is anti Open Source.

> In my personal opinion, easy install means easy install malware
> application as well, and it took many years in android to prevent
> installing malware for instance adding such logics to check "allow
> untrusted installs" after people were damanged to install malware
> application through text or something.

If someone like a developer CHOOSES to install something, that is THEIR
CHOICE. They do the install. If you require it be installed on
command-line then fine. Developers will. But disallowing it entirely is
purely insulting. It says "we do not respect YOUR freedom nor YOUR
ability to decide anything for yourself, so we'll just block you
instead."

> So I think deciding blocking sideloading as a platform policy was not
> a bad idea.

It's a horrible idea.

> I just intented to inform him current situation because I think every
> members in here who know about it to share with others.

Correct. But do not expect such a situation to go un-challenged. I have
personally spoken with developers who have sworn at this policy and
instantly given up on Tizen right on the spot. I've seen the results on
driving developers way. Unlike those people who just silently left and
disappeared, I'm standing up for them and am making a point. We have
ACTIVELY tried to drive them off by doing this.

If you had to install using sdb (or even better we should bring back
usbnet support and openssh so you have to set up a user AND password or
ssh public key auth to enable this for your device and then have to
scp/sdb push then locally do "tpk install xxx") then you'll find the
people who need this feature (developers) have it without barriers that
they are not familiar with anyway, and regular people will not
accidentally install things that could be harmful.

> BRs
> 
> --------- Original Message ---------
> 
> Sender : 하이츨러 <c.haitzler at samsung.com> Master/S/W
> Platform팀(S/W센터)/삼성전자
> 
> Date : 2016-10-27 16:54 (GMT+9)
> 
> Title : Re: [Dev] WG: RE: Antwort: Re: Privilege Platform
> 
>  On Thu, 27 Oct 2016 07:19:28 +0000
> 김보곤 <bogon82.kim at samsung.com> wrote:
> 
> > Samsung Enterprise Portal mySingle
> > 
> > Hello,
> > 
> > 
> > 
> > Sideloading, (https://en.wikipedia.org/wiki/Sideloading) which means
> > to install packages not comming from tizen store is not allowed
> > because of security reason.
> > 
> > So there is no such way to do it.
> 
> "security reason". A very poor excuse. I'm sorry but this policy is an
> excuse to just make life HARD for developers. Just because some
> organizations love to retain total control over their products even
> after sale, does not make it a good or nice thing to do.
> 
> The real issue here is to retain total control. Anything else is an
> excuse. I'm being realistic. Someone has to stand up for users and
> developers and their freedoms and rights, and in my experience almost
> no one does. Even if anyone does, it's always fobbed off as a
> "security issue".
> 
> A message to users: You need to make your voices heard. No one will
> change anything at all unless you stand up and effectively revolt and
> protest. The mindset is one of "But this is for your own good!
> Security! We are being so nice to you!". Unless you all love things
> this way... you need to say something very loudly and clearly because
> the very few who will stick up for you will not be listened to.
> 
> If someone enables "allow untrusted installs" or similar, then goes
> and installs something ... this is not a security issue. They are
> WILLINGLY and KNOWINGLY installing software on THEIR device THEY own
> and THEY bought. They are not accidentally clicking a link on a a
> website and then suddenly having an app installed they didn't know
> would be.
> 
> Imagine this. You buy a house or an apartment. You spend a large
> amount of money on it. You then want to move in. The person/company
> you bought the apartment or house from, or the bank you borrowed
> money from says "Oh no. You can ONLY buy furniture from OUR company
> store because of security reasons. You can't move your existing
> furniture in, or buy used furniture from your friend. It's a security
> reason!"
> 
> What would your response be? That is EXACTLY what we are doing here.
> Treating users as a liability even if they have chosen a path of
> possible risk. How DARE someone have the freedom to buy ANY furniture
> they like and place it in the home THEY bought and paid for? It could
> be a security issue! The furniture may be bugged and listen to
> conversations! It may accidentally catch fire on its own! We must
> protect those innocent customers from their own bad decisions!It's
> true that a lot of people will do bad and risky things, but punishing
> EVERYONE is pretty arrogant. Yes, I know you can get permission with a
> personal certificate so just YOU can install signed apps that YOU sign
> on YOUR device. Imagine you needed permission from the people you
> bought your house from to get a special sticker that allowed to you
> bring furniture into your own home you already paid for? It's
> insulting.
> 
> Think about it. Put yourself in someone else's shoes. Imagine you
> actually had to use Tizen every day and you were developing software
> for it and were asking friends and family to try it out before
> uploading to a store? Imagine you just wanted to share it with your
> colleagues and never publish it? ... Think about it.
> 
> > BRs.
> > 
> > --------- Original Message ---------
> > 
> > Sender : Robin Wertz <robin.wertz at clausohm.de>
> > 
> > Date : 2016-10-21 19:58 (GMT+9)
> > 
> > Title : [Dev] WG: RE: Antwort: Re: Privilege Platform
> > 
> >  Hello thanks for your Help,
> > 
> > so my problem is, we write an application for the samsung gear 2. We
> > will install this application on 80 smartwatches. We have dont
> > internet on this location. We dont will update all smartwatches over
> > connection with tizen. How can i do that ?
> > 
> > the idea was that we write a second application an "Updater". This
> > Updater downloaded the new wgt file from us server and
> > uinstalled/installed this. Have anywho a good idea how to
> > implemented this ?
> > 
> > thanks Robin
> > 
> > 
> > 
> > 
> > Von:        이동선 <ds73.lee at samsung.com>
> > An:        Robin Wertz <robin.wertz at clausohm.de>, Philippe Coval
> > <philippe.coval.pro at gmail.com> Kopie:        dev at lists.tizen.org
> > <dev at lists.tizen.org> Datum:        21.10.2016 02:17
> > Betreff:        RE: [Dev] Antwort: Re:  Privilege Platform
> > ────────────────────────────────────────────────
> > 
> > 
> > 
> > Hi,
> > 
> > There are 3 privilege levels(public, partner, platform) in tizen
> > api. The platform privilege level is only for developers of device
> > manufacturers. So I don't think you can get a platform privilege
> > level. If you have an accout of tizen wiki, you can get detailed
> > information with the following URL.
> > -
> > 
https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview#Application_Singing_and_Certificates 

> > BR,
> > 
> > --------- Original Message ---------
> > Sender : Robin Wertz <robin.wertz at clausohm.de>
> > Date : 2016-10-20 20:17 (GMT+9)
> > Title : [Dev] Antwort: Re: Privilege Platform
> > 
> > 
> > Hi,
> > i have a certificate as partner, but i cant use the
> > packagemanager.istall privilege. Tizen will the platform level for
> > this.
> > 
> > 
> > 
> > Von:        Philippe Coval <philippe.coval.pro at gmail.com>
> > An:        Robin Wertz <robin.wertz at clausohm.de>
> > Kopie:        "dev at lists.tizen.org" <dev at lists.tizen.org>
> > Datum:        20.10.2016 10:01
> > Betreff:        Re: [Dev] Privilege Platform
> > ────────────────────────────────────────────────
> > 
> > 
> > 
> > 
> > 
> > On Thu, Oct 20, 2016 at 9:53 AM, Robin Wertz
> > <robin.wertz at clausohm.de> wrote: Hallo Tizen Developers,
> > 
> > i have a little Problem. I develop an app for the samsung Gear S2
> > classic and will use the privilege
> > http://tizen.org/privilege/packagemanager.install. But tizen
> > required the privilege Level platform for this privilege which i
> > dont have. How i can get the platform privileg ?
> > 
> > 
> > Hi
> > 
> > So you should apply as a partner,
> > I never applied for it but I know a program like that exists
> > 
> > Maybe this is also interesting you and the mailing list
> > 
> > 2016-10-27 : Build powerful and secure apps on the Samsung GearS3
> > Knox Tizen Wearable SDK
> > https://wiki.tizen.org/wiki/Events#NEXT_OR_CURRENT_EVENTS
> > 
https://seap.samsung.com/content/tech-webinar-tizen-wearable-sdk-october-27-2016

> > Hope it helps _______________________________________________
> > Dev mailing list
> > Dev at lists.tizen.org
> > https://lists.tizen.org/listinfo/dev
> > 
> > 
> > 
> > ────────────────────────────────────────────────
> > 
> > 이동선    李東宣    DongSun Lee
> > 책임 Senior Engineer
> > Security Lab (S/W R&D Center)
> > Samsung Electronics co., Ltd.
> > E-mail  : ds73.lee at samsung.com 
> > 
> > ────────────────────────────────────────────────
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Dev mailing list
> > Dev at lists.tizen.org
> > https://lists.tizen.org/listinfo/dev
> > 
> > 
> > 
> > 
> > 
> > 김보곤 책임(Bogon Kim)
> > 
> > 
> > 
> > Mobile Communication Division
> > 
> > Samsung Electronics.Co.,LTD
> > 
> > Mobile  82 - 10 - 3583 - 0881
> > 
> > Email  bogon82.kim at samsung.com
> > 
> > Software, System and Samsung
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> 
> 
> 
> 
> 
> 김보곤 책임(Bogon Kim)
> 
> 
> 
> Mobile Communication Division
> 
> Samsung Electronics.Co.,LTD
> 
> Mobile  82 - 10 - 3583 - 0881
> 
> Email  bogon82.kim at samsung.com
> 
> Software, System and Samsung
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 




 
 
김보곤 책임(Bogon Kim) 
 
Mobile Communication Division
Samsung Electronics.Co.,LTD
Mobile  82 - 10 - 3583 - 0881
Email  bogon82.kim at samsung.com
Software, System and Samsung
 
 
 
 
 
 
 
 
 
 

 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tizen.org/pipermail/dev/attachments/20161027/cb2ea525/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 13402 bytes
Desc: not available
URL: <http://lists.tizen.org/pipermail/dev/attachments/20161027/cb2ea525/attachment-0001.gif>


More information about the Dev mailing list