
ubuntu-phone team mailing list archive

Re: Ubuntu Store – application order

 

On Thu, Apr 9, 2015 at 12:56 PM, Robert Schroll <rschroll@xxxxxxxxx> wrote:
>
> Really?  Any sane rating system will increase the computed rating when
> receiving a new review above the current rating and reduce it when
> receiving a new review below the current rating.  Thus every sane rating
> system is vulnerable to a flood of five-star, or one-star, reviews.
> Methinks you are flattering yourself if you think attackers will take the
> time to search for a unique vulnerability in your rating system, rather than
> brute-forcing it.

I think with time and popularity, we'll get a bit of both  :)


> Since reviews require an Ubuntu One account, I think the best defense is
> preventing and removing fraudulent accounts.  Keeping this part secret makes
> more sense to me.

This is not the only reason it's private; it's a small part of the
store. Overall we don't want fragmentation with competing stores, and
the store itself interacts with payments and other sensitive items.
This is just an extension of the existing desktop store backend, which
has been proprietary since its inception as well.
In this case, the overall benefits of keeping it closed outweigh the
benefits (and cost) of having it open source.
I would agree it is an uncomfortable line to walk, and this could
change in the future if the balance changed. It isn't on the cards for
now.

-- 
Martin

