Questions about code signing
Brandon S Allbery KF8NH
allbery.b at gmail.com
Sun Feb 6 11:22:44 PST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2/6/11 02:18 , kevin beckford wrote:
>>> and the mechanism is in
>>> place to disable unsigned binaries.
>>
>> Huh?
>
> man taskgated.
>
> Code signing would be a great idea, if I was a full partner in what
> was running. NPAPI plugins run as the logged in user, a quite
> alarming piece of information, so I'm quite happy to see things such
> as the sandbox, and code signing binaries. However taskgated indeed
> could disable binaries, and then it becomes an issue of philosophy
> really.
My immediate reaction to taskgated is that it's an initial step toward a
trusted computing base, not a future direction for the OS in general except
possibly in the sense that many Linux distributions have picked up SELinux.
- --
brandon s. allbery [linux,solaris,freebsd,perl] allbery.b at gmail.com
system administrator [openafs,heimdal,too many hats] kf8nh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1O9QQACgkQIn7hlCsL25WPRgCfctk/u04KYfaEsELt0VFpeApu
vF8AoI1aaM0XhGN6tlX8rXgqPiv1LlXf
=Wcyt
-----END PGP SIGNATURE-----
More information about the macports-users
mailing list