unsigned kexts on Yosemite
Daniel J. Luke
dluke at geeklair.net
Mon Oct 27 06:50:54 PDT 2014
> On Oct 24, 2014, at 10:11 PM, Landon J Fuller <landonf at macports.org> wrote:
> On Oct 24, 2014, at 8:00 PM, Ryan Schmidt <ryandesign at macports.org> wrote:
>>> I agree that a kext requires a higher degree of trust, I just don’t think a single-vendor signing regime is a net win for users.
>> But that's what Apple's policy in Yosemite seems to be, and it has typically been MacPorts strategy to attempt to adopt whatever policy changes Apple makes as best we can.
> Historically, Apple’s technological/commercial interests have been more aligned with the requirements of MacPorts’ user base, and even then, MacPorts has shipped things that Apple no longer supported because those tools were still required by MacPorts' users.
> If someone wants to exercise their prerogative to install an unsigned kext, Apple has already added plenty of barriers. I don’t see what we have to gain by deleting the ports out from under them, too.
+1 I think Landon's plan seems reasonable (try to get a signing cert - even though we probably won't get one, use the nvram check to print information that helps our users, possibly use developer-signed kexts).
Daniel J. Luke
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
| Opinions expressed are mine and do not necessarily |
| reflect the opinions of my employer. |
More information about the macports-dev