[haiku-development] Re: Design for signed packages

  • From: "SMC.Collins" <smc.collins@xxxxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Thu, 27 Mar 2014 13:18:17 +0000 (UTC)



I deleted the branch now as people are clearly offended by even only having the 
minimum level of security that even Windows offers since Windows XP (optionally 
signed executables, optionally signed drivers, signed updates) - and that was 
introduced 14 years ago - and prefer to repeat the security disaster of Windows 
98. Users wouldn't even have noticed that packages are signed unless they 
installed a hpkg from a 3rd party without using a repository, but clearly, 
people feel offended by even the thought that there is cryptography involved 
that makes sure that the updates you install are actually from the 
vendor…

So, the branch is gone and we can drop this thread now.

--Jonathan


I think some security makes sense, so long as the mechanisms are simple, clear, 
easy to understand and unobtrusive. I would suggest we should take the approach 
of: we can trust everything from Haiku Inc, all others caveat emptor. 

But more security does not always grant more security; security is only as good 
typically as its weakest users. I think brainstorming is fine, but try to find 
the simplest, most elegant design. I am sure this is a concern, but it need not 
become one of severe limitations. As for secure boot, the DOJ here in the 
States is very likely to get involved with that issue shortly. Microsoft being 
the only key provider, it's crazy. The user should be able to enter keys if they 
so desire, and you can hack around the BIOS EFI anyways, I'd bet. A good saying 
my grandfather always used to say: locks only keep honest men honest. 


Sean.
