Small Patch Management between major OS Updates?
I would like to know whether some kind of patch management for small and specific improvements or bug fixing is being considered. It would be very useful specially for urgent security patches, but also for fixing issues or broken updates.
While regular OS updates are great in terms of extending functionality (thank you for this!), there are two recent cases where a mass distribution of a small binary patch would have been very handy and very important:
- The OpenSSL bug, which was luckily addressed a few days later with the monthly OS update. But what would have been the scenario, if no update had been planned?
- The broken functionality of WPA2 Enterprise (aka "eduroam" WiFi access), which doesn't work anymore since the last update. Not to blame Jolla, but it would be great to get a patch for this quite important feature (even if it used to be a command line hack).
I perfectly understand that you can't deploy a full, several hundred megabytes large OS update across all countries every time (and it will happen more and more often) some security or other issue arises, this requires a lot of planing and testing of the whole system. But providing a flexible and simple mechanism for quickly distributing small mandatory (security) or optional (functional) patches could be essential or at least a differentiating argument for the trust and the survival of the whole Jolla project.
*Note from April 19th:* would be really nice to get some answer from Jolla to this question. Maybe I'm wrong, and it's technically not feasible, or too expensive, or it's a stupid idea...
*Note from April 25th:* today's 2MB small hotfix for improving MMS functionality seems to confirm that Jolla is already using some kind of the small patch management I inquired about. Glad to know and hoping it will be specially used for security fixes.
There is a 3rd issue requiring immediate action: https://together.jolla.com/question/39495/security-risk-with-sqlite-db-in-jolla-passwords-in-plain-text-in-user-space/
jgr ( 2014-04-16 21:54:07 +0200 )editYes, true, thanks for the reminder. Another good example for a problem that should be fixed asap and where a small patch management system could be very useful.
melg01 ( 2014-04-16 22:18:34 +0200 )edit"could be"? I just worked out that any web server can steal your credentials.
jgr ( 2014-04-16 22:58:56 +0200 )editFor MMS bug when sending on Vodaphone UK for example :)
TellienInTouch ( 2014-04-17 18:33:04 +0200 )edit@TellienInTouch lol, is there a major security issue with MMS on Vodafone UK? melg01 is not asking them to push every commit on our Jolla ;)
Sthocs ( 2014-04-17 18:44:38 +0200 )edit