On 12/01/2009 17:25, "Michael Ash" <michael....@gmail.com> wrote:
> On the Mac code signing is just a way for users to be able > to trust that an app is from who it says it's from. I agree that it the underlying technology has the capability to provide that, I'm not sure that code signing on the Mac currently does provide that trust. AFAICT it currently only lets users trust that app v1.0.1 came from the same people as app v1.0, and only then thanks to the _lack_ of any UI which would appear in the failure case - and only _THEN_ if the app tries to perform one of a small number of privileged operations. Cheers, Graham. -- Graham Lee Senior Macintosh Software Engineer, Sophos Plc. +44 1235 540266 http://www.sophos.com/ Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom. Company Reg No 2096520. VAT Reg No GB 348 3873 20. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
