On Feb 22, 2012, at 1:05 PM, Norman Gray wrote: > > Greetings. > > On 2012 Feb 22, at 20:03, Jens Axel Søgaard wrote: > >> The tech press reports that the default is to "medium" i.e. applications >> downloaded from the mac app store and from identified developers (that is >> signed applications) are allowed to run. > > For those who haven't chased this up already (I haven't gone into much > detail), there are some interesting links at Daring Fireball[1], including a > piece which highlights some of the likely problems[2]. > > The short version appears to be that, as Jens says, Gatekeeper will by > default run in a mode which enforces MAC on applications, and the principal > problem -- voiced at length and at high volume -- is that the currently > available set of 'entitlements' (where the application declares what set of > resources it wishes to have access to) is too small for a significant > minority of applications.
FWIW: actually, I don't see Jens saying that signed apps will by default run in a mode that enforces privilege checking, and I just spent a few minutes digging, and didn't find anything saying that. Are you really sure that Gatekeeper's "level 2"--code must be signed, but not app-store-ready--will enforce access restrictions? Pointers gladly appreciated, and maybe I'm just not reading carefully enough. John
smime.p7s
Description: S/MIME cryptographic signature
_________________________ Racket Developers list: http://lists.racket-lang.org/dev
