[SR-Users] CAcert root in Lumicall
Daniel Pocock
daniel at pocock.com.au
Tue Feb 14 13:56:44 CET 2012
> I installed it from the download page, worked fine on android 2.2 -- had
> no time to test it yet, but I noticed some "warning" messages during
> installation. Not sure if it is specific for each android phone type or
> for android in general, but I was alerted that I will allow the
> application do to a lot of "nasty" things, like taking my gps position,
> making calls that can cost me money, etc... Being open source and people
The warnings are a common problem for Android apps
There is no opportunity for the developer to annotate the warning screen
or make the warnings more specific
E.g. permission to modify SD card: the Lumicall app only needs
permissions to export a backup of the SIP settings, it does not, for
example, need to delete pictures and movies. But Android doesn't allow
that distinction. As a developer, I have to choose:
- give user backup feature with nasty warnings
- give user no backup feature
However, I have been reflecting on this, and I think I am going to
remove some features (e.g. the backup function) so that users will be
less intimidated.
Another strategy is to modularise the app: e.g. divide Lumicall into 3
apps, each with less permissions, and they collaborate using
inter-process communication (IPC)
> like myself a devel could check and be safe about if they have a doubt,
> but I wonder if "usual" people will not become afraid of installing it.
The source code is an important issue for me too: I have now implemented
SRTP, and almost finished implementing ZRTP. I really believe that such
source code should be open so that people can have proof that it is
secure (no back doors for someone to monitor calls and sell juicy rumors
to British newspapers)
Rather than putting the code on Sourceforge, I'm setting up a site,
opentelecoms.org (which is also the Java namespace for the library code)
- but I'm trying to choose between running it with a monolithic solution
like FusionForge, or separate systems like MoinMoin, Bugzilla, gitosis -
I'd be interested in any suggestions about that, as I want the site go
beyond the basic goal of distributing source code, and make it a useful
resource to the wider VoIP community.
More information about the sr-users
mailing list