[haiku-development] Re: Design for signed packages
- From: Rene Gollent <anevilyak@xxxxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Wed, 26 Mar 2014 16:54:34 -0400
On Tue, Mar 25, 2014 at 11:13 PM, Jonathan Schleifer
<js-haiku-development@xxxxxxxxxxx> wrote:
> So you really think it's better that the default is to download unsigned
> binaries than to have signed packages? So you basically prefer remote code
> execution with full system access, because that's what it basically is? Come
> on, you're not serious?
Plain and simply, I find the sheer amount of paranoia displayed by you
surrounding both SecureBoot and all the package signing entirely
excessive, and simply resulting in unnecessary busywork and annoyance
for both the end users and the relatively small pool of people
handling the porting work. Having to supply 4 different hashes for
every package, and distrusting e.g. downloading source from github is
from my standpoint absurd. If I was really that paranoid, I'd be
running an entirely different platform geared solely towards these
issues from the ground up. So yes, I'm entirely serious.
Rene
Other related posts:
