Apple ARM binary codesign issue

Richard L. Hamilton rlhamil at smart.net
Tue Sep 22 23:05:42 UTC 2020



> On Sep 22, 2020, at 18:54, Jeffrey Walton <noloader at gmail.com> wrote:
> 
> If you modify the binary or assets in the bundle, you should have to
> resign the bundle. I don't think there's anything inherently insecure
> about (re)signing a bundle after modification. Or nothing comes to
> mind (for me).

I see two basic cases: what the person compiling chooses to trust for their own use, and what is suitable for binary distribution. Ad-hoc is fine for the former.

But in either case, I think it's more trustworthy if the same entity signs a modification as signed the original compile; otherwise, they don't actually know what was compiled (not that they reviewed all the code anyway, but if they did both, they at least had the opportunity to know what's in there). So if not, one could compile in good faith, another could modify in good faith, but something slipped through...who?

How will additional signing requirements impact MacPorts binary distribution (which is a huge timesaver for installs and updates, if one doesn't have to build most packages oneself)?


