On Tue, Mar 25, 2014 at 11:13 PM, Jonathan Schleifer <js-haiku-development@xxxxxxxxxxx> wrote: > So you really think it's better that the default is to download unsigned > binaries than to have signed packages? So you basically prefer remote code > execution with full system access, because that's what it basically is? Come > on, you're not serious? Plain and simply, I find the sheer amount of paranoia displayed by you surrounding both SecureBoot and all the package signing entirely excessive, and simply resulting in unnecessary busywork and annoyance for both the end users and the relatively small pool of people handling the porting work. Having to supply 4 different hashes for every package, and distrusting e.g. downloading source from github is from my standpoint absurd. If I was really that paranoid, I'd be running an entirely different platform geared solely towards these issues from the ground up. So yes, I'm entirely serious. Rene