Thomas Joos | mobile application developer

(re)create your thoughts and expand your limits.

Online webtool for flash lite packaging while holding an NDA?

with 8 comments

Today I came across a very interesting thought from SAMIR about online flash lite packaging while holding an NDA. He is referring to www.swfpack.com which allows you pack your swf applications for different mobile runtimes like sis.

But even after such good merits , I would not prefer to use it if I am working on any (i) commercial mobile app (ii) any app I am building for any client with whom I have signed an NDA , as this would risk my app to be uploded to a third party domain, which is not accepted in all the above said cases. So, I seriously doubt if  similar tools which help you in a core development projects, are online, will be much used by industry developers for these cases , unless there is some agreement between the provider of the web tool and themselves …a kind of NDA. – SAMIR

I was quite curious what the reaction of Kuneri would be so I posted a little comment on their blog and they responded right away with a comment and a blogpost. Cool!

Hi Thomas,

Good and valid questioning. As far as I know/see, no Web 2.0 service offers an NDA. See any online project management tool out there (Basecamp, GoPlan?) , which store much more sensitive data than a compiled file. None of them offer you an NDA and SWFPack is no different than any Web 2.0 product. See a recent post I published, would answer more questions: http://bloggy.kuneri.net/2008/10/14/swfpack-and-security/

To summarize the swfpack security policy :

– All project files (SWF or ZIP) are erased right after the SIS generation. There is no way for us or anyone else to access your source files.

– We keep latest generated SIS file on your account, so that you can download it again later on. There is no way another user to access a SIS file generated by another account, and we make it possible for you to delete the generated SIS file from our servers immediately and permanently.

– We do not have SSL connection for file uploads or downloads at the moment. This will be available for Pro accounts.

– We do not get any source files from you. Basically you upload a SWF file, which is a compiled binary.

It seems like they try and keep things as safe as possible for developers to package commercial stuff with swfpack. I am wondering if they will ever release an api? Would be cool for developers and their companies to be able to play with the service they are providing!

Advertisements

Written by vilebody

October 14, 2008 at 1:50 pm

Posted in Flash Lite, Mobile, Press

8 Responses

Subscribe to comments with RSS.

  1. Hi Thomas,

    Thanks for the post. Actually it’s not only a policy (textual statement), it’s how the system works. Practically, there is almost no way to recover a file from ‘rm’ command on unix (which we use), so no one can even see the file after the SIS file is generated (or deleted by you). Only risk could be that; if you network is hacked, someone could pull the file while you upload, but if that’s the case, you have much bigger concerns than SWFPack :)

    Ugur.-

    Ugur.-

    October 14, 2008 at 3:01 pm

  2. Hi Thomas,
    it is not a question about only swfpack.com, rather this is complex associations with all those web tools which offers developer’s aid in someway or other. with increasing compitative market in web 2.0, may be its high time we all need to rethink on the fundamental aspects of IPR and business in terms of different business models and/or contracts.

    But of course even as one developer may not cast doubt on any specific web tool’s securities, but that does not gurantee the contract terms he may have with the clients and their matter’s sensativeness. Flash Lite’s case is very critical, even if you upload binary, there is no way you can encrypt it for uploading (Note your encrypt tools may save you for desktops and not handsets). So just being binary, they offer no security to your project’s interests.

    Moreover it is not about the technicalities of the tools, rather the legal aspect, we may need to explore , so as to make next genaration web tools more effective in terms of business.

    regards
    Samir

    Samir

    October 14, 2008 at 3:44 pm

  3. I think you have an excellent point there Samir. I was referring to swfpack because you also mentioned it and because is is a perfect example of how the legal part can stop you from using the great service some web 2.O online tools have to offer. In case of swfpack, is there anything you would or could suggest so they can assure you it’s safe to use their service, even if you are holding an NDA for the project. I’m thinking of a sort of agreement or certificate to ensure people the service is safe and protects content?

    vilebody

    October 14, 2008 at 8:18 pm

  4. I strongly agree to your point Thomas. A kind of legal documentation is good enough.
    Samir

    Samir

    October 15, 2008 at 7:14 am

  5. ToS and Privacy Policies are legally binding documents for any online service, as well as SWFPack.

    Ugur.-

    October 15, 2008 at 9:10 am

  6. Is there a specific topic implemented in privacy policies that legally offers online services to be able to garantee protection? I’m not an expert but I can imagine clients would like to know/see the online services used to create their (mobile) content have a certificate or something that proves they are safe. Just thinking out loud..

    vilebody

    October 15, 2008 at 12:53 pm

  7. Will check that out. Just a question in mind; does SymbianSigned sign an NDA with developers?

    Ugur.-

    October 15, 2008 at 3:13 pm

  8. Hi ugur,
    That is the question. Is it not something worth to give a rethink?

    Moreover getting a verisign is different case from getting a private policy statement from a site.
    :)

    Samir

    October 16, 2008 at 7:23 am


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: