Fremantle/Repositories

(Options for Solutions)
Line 46: Line 46:
-
This proposed solution would also require Nokia to help the Community sustain infrastructure in the future via either sponsorship for a proposed 2 years in the form of hosting costs for all Maemo infrastructure that the Community will be hosting. Therefore, a win-win situation for Nokia and users of Maemo.
+
This proposed solution would also require Community to sustain the infrastructure in the future to allow users to fix the GPG key issue on virgin fremantle systems, after a reflash or on freshly purchased devices. Support from Nokia in form of paying (part of) the bills for that hosting and maintenance of maemo infra would be highly appreciated.
-
+
-
 
+
-
 
+
== Agreed Solution ==
== Agreed Solution ==

Revision as of 06:43, 22 January 2013

Contents

Introduction

This page serves to stimulate discussion and exchange ideas with regards to Fremantle Repositories for the following:

Basics of Operations
Security Issues
Current Issues
Options for Solutions
Agreed Solution


Basics of Operations

Security Issues

Issue 1 - Expired GPG key

It is common knowledge that the GPG keys for Nokia's official Fremantle repositories has been expired since a few months.


On 21/01/2013, the Community has been contacted by a Nokia representative from the Nokia MeeGo team in-charge of supporting, in addition to the N9, Fremantle. However, due to the team being the late addition in Harmattan, they are foreign to Fremantle systems.


The issue is with the GPG key 13FA4ED6, known as "Nokia repository signing key 4v1". The Nokia MeeGo team have requested the Community to assist in a way forward that would help in solving this issue for all N900s.


Current Issues

Options for Solutions

Proposed Solution 1 - CSSU-Security

A CSSU-style update is pushed out to N900 devices. This CSSU update would be independent of the user having CSSU-Stable or CSSU-Testing. The proposed CSSU-Security branch would be solely for the purpose of pushing out security updates now and in the future.


CSSU-Security would merely add a repository to the user's device which would be able to first fix the signing key issue with a new signing key. This new signing key would be required to be added on Nokia's servers too.


This proposed solution would also require Community to sustain the infrastructure in the future to allow users to fix the GPG key issue on virgin fremantle systems, after a reflash or on freshly purchased devices. Support from Nokia in form of paying (part of) the bills for that hosting and maintenance of maemo infra would be highly appreciated.

Agreed Solution