Development Known Security Vulnerabilities

Quote:

Originally Posted by MichaelV

Dr Steve, I think this is Edge own making. If they would comply with the GPL licence and release the complete code months ago we would not have this discussion. The current release is just dust in the eyes of the community.

All,

We are pretty sure we have released all required source code. We are not sure what this complaint is based on. Please contact us with a support ticket with specifics and we will see if we can help.

DP

Quote:

Originally Posted by MichaelV

wonder what is the edge response to this.

It is very reasonable for you to ask. Perhaps others in our development community can comment on these. Justin was helpful enough to provide the links to the issues for two of them. I may be wrong, but I believe the first one is a vulnerability present in all Android devices prior to upgrade to the 2.2 release (which is about 95% of android devices currently in use). The second one is a virus that really requires that you install it yourself (I would not recommend that). The third one, we will look into.

Really, the best way to get us to fix the issues you find is to turn in a support ticket. We are really trying to work with you. Anything you can do to help us improve the platform is welcome. We are trying to moderate these forums as lightly as possible, so we take the good with the bad. I just ask that everyone try to keep the discourse constructive.

DP

DP

Quote:

Originally Posted by MichaelV

Edge are trying to protect their image but they do more harm than good. this is going now to be out of proportion on facebook and tweeter. Big retailers will notice and Edge may not ever go into retailers if the issues are not addressed soon. nobody will take on a device that has security vulnerabilities. this invites legal troubles. Edge should work with the developers not against them. I have to agree 100% with alefor.

Really???
Then how do millions of Windows machines reach the marketplace on a daily basis.
Your statement is incorrect. Retailers frankly don't give a hoot whether there are security vulnerabilities or not. All they care about is whether they can make money on a product.
And the average user really doesn't care either....if they did, Microsoft would never sell another OS. All users seem to care about is whether it is "cool".....and whether they can figure out how to use the product. Most don't ever even hear of security vulnerabilities.

dontpanic,

You are showing ignorance of the fact, the second one is not a virus. Its proof of concept that exploits a vulnerability. I linked you to the source code in hopes it would help you.
The first one is indeed in MOST android devices, does not mean you cant patch it. You are not in GPL complaince. Why are staff allowed to use anonymous names on the forums,
but my request using my full name, and offering contact information (email) was denied due to be "anonymous"?

Justin

Justin,

Again, please tell us how we are not in GPL compliance. We really do believe we are and are trying to help.

DP

the code is truncated. you must release the entire GPL source code not only what you pick and chose.

dp,

Lets assume the kernel is full, which I don't believe but since I am mostly done with your device I will leave it like that.

For starters, lets do quick check

jcase@phenom:~/android/edge/system$ ls -Ral |grep gpl
-rwxr-xr-x 1 jcase jcase 302536 2010-06-15 12:45 libart_lgpl_2.so.2

jcase@phenom:~/android/edge/system$ ls -Ral |grep gstream
-rw-r--r-- 1 jcase jcase 837304 2010-06-15 12:50 libgstreamer-0.10.so

jcase@phenom:~/android/edge/system$ ls -LRA|grep gnome
libgnomeprint
libgnomeprintui
libgnomecanvas-2.so.0
libgnomeprint
libgnomeprint-2-2.so.0
libgnomeprintui-2-2.so.0
./lib/libgnomeprint:
./lib/libgnomeprint/2.18.0:
./lib/libgnomeprint/2.18.0/modules:
libgnomeprintlpd.la
libgnomeprintlpd.so
./lib/libgnomeprint/2.18.0/modules/filters:
libgnomeprint-clip.la
libgnomeprint-clip.so
libgnomeprint-draft.la
libgnomeprint-draft.so
libgnomeprint-frgba.la
libgnomeprint-frgba.so
libgnomeprint-multipage.la
libgnomeprint-multipage.so
libgnomeprint-position.la
libgnomeprint-position.so
libgnomeprint-reorder.la
libgnomeprint-reorder.so
libgnomeprint-reverse.la
libgnomeprint-reverse.so
libgnomeprint-rotate.la
libgnomeprint-rotate.so
libgnomeprint-select.la
libgnomeprint-select.so
libgnomeprint-zoom.la
libgnomeprint-zoom.so
./lib/libgnomeprint/2.18.0/modules/transports:
libgnomeprint-custom.la
libgnomeprint-custom.so
libgnomeprint-file.la
libgnomeprint-file.so
libgnomeprint-lpr.la
libgnomeprint-lpr.so
./libgnomeprint:
./libgnomeprint/2.18.0:
./libgnomeprint/2.18.0/models:
./libgnomeprint/2.18.0/models/uninstalled:
./libgnomeprint/2.18.0/printers:
./libgnomeprint/2.18.0/printers/uninstalled:
./libgnomeprintui:
./libgnomeprintui/2.18.0:
gnome-print-job-preview.xml

I could likely go on for hours. Why do staff get to use monikers, but I get criticized for refusing to provide a phone number?

VenturingSoul: microsoft is patching the devices as soon as a vulnerability is reported. which Entourage is not doing / able to do at this moment. they should have already an update patching those. I am to believe now that the kernel used is patchy and dangerous in actual form. I deleted all my personal infos now from my edge!

engadget posted this today. they are watching the entourage forums. this is good. hope entourage gets the message!
http://www.engadget.com/2010/08/16/e...%28Engadget%29

Not the first time engadget has picked up my stuff..

After communication with Brendan today, to show good will on my part I will no longer being posting publicly potential vulnerabilities, until after I have given enTourage reasonable notice.

this is very good. I hope now we are getting somewhere. This could also help to bring the update to 2.2 forward!

Quote:

Originally Posted by MichaelV

this is very good. I hope now we are getting somewhere. This could also help to bring the update to 2.2 forward!

let's hope so.