On 30 October 2015 at 00:32, Eduard <[email protected]> wrote:
> Hi Warren,
>
> On 10/29/2015 06:50 PM, Warren Young wrote:
>> On Oct 29, 2015, at 3:40 PM, Eduard <[email protected]> wrote:
>>> On 10/29/2015 02:46 PM, Warren Young wrote:
>>>> (...)
>>> I had read 2/3 of them, yes. Thanks for the third one!
...
>>> I might know (through some other source, e.g. PGP-signed email) that artifact "abcdef" is genuine, and it shouldn't matter where I download it from.
>>
>> How many people will be doing such cross-checking?
>>
>> Again I bring up the XcodeGhost example. People do foolish things in the name of expediency.
>
> Well, I know I will be doing such cross-checking. Hopefully I'm not the only one. Right? ...right?
Seriously, a large part of the software out there is not signed in any way at all. For a codebase of non-trivial size (more than 2-3 small files) there is no way to review the code.

It does not suffice to sign the security software. Since we have the poor security design dating back to the original Unix implementation, all applications are allowed to do anything. There are optional security extensions like SELinux that technically do allow sandboxing applications by now, but most applications would fail if running sandboxed because these are optional non-standard extensions. Who would bother to cater to people who use those to be able to run their system securely, right?

So you have to trust every single line of code and makefile you run. Not just the system tools. *Everything* you ever download and execute on your computer. Even proprietary applications and libraries (how many vendors do sign these?).

So basically any 'security' on a workstation where you actually do anything useful is just fake.

Thanks

Michal

_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
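Eduard's cross-check (knowing from a signed out-of-band source that artifact "abcdef" is genuine, so the download location stops mattering) as an added Python example; this is not code from the thread or from Fossil itself. It assumes an artifact ID is the SHA-1 hex digest of the artifact's content, as Fossil used at the time, and the mirrors, artifact bytes and function names are constructed for the illustration.

```python
import hashlib

# Constructed artifact body; in practice this is whatever the mirror served.
ARTIFACT_CONTENT = b"int main(void) { return 0; }\n"


def artifact_id(content: bytes) -> str:
    """Content address of an artifact: SHA-1 hex digest (Fossil's 2015 scheme, assumed)."""
    return hashlib.sha1(content).hexdigest()


def verify_artifact(content: bytes, trusted_id: str) -> bool:
    """True only if the bytes hash to the identifier learned out of band.

    A unique hex prefix is accepted, as Fossil does when naming artifacts, but
    anything shorter than 4 hex digits is refused: it would match too many
    artifacts to pin down a single one.
    """
    trusted_id = trusted_id.strip().lower()
    if len(trusted_id) < 4 or any(c not in "0123456789abcdef" for c in trusted_id):
        raise ValueError("trusted id must be at least 4 hex digits")
    return artifact_id(content).startswith(trusted_id)


def fetch_from_mirrors(mirrors: dict, trusted_id: str):
    """Try each untrusted mirror in turn and return (name, content) for the
    first copy whose hash matches the trusted identifier, or None if no
    mirror serves the genuine bytes. The mirror itself is never trusted."""
    for name, content in mirrors.items():
        if verify_artifact(content, trusted_id):
            return name, content
    return None


# Constructed mirrors: one serves a copy altered in transit, one the real bytes.
MIRRORS = {
    "mirror-a": ARTIFACT_CONTENT + b"/* extra bytes inserted in transit */\n",
    "mirror-b": ARTIFACT_CONTENT,
}

if __name__ == "__main__":
    # The ID would normally come from a PGP-signed e-mail or similar channel.
    known_good = artifact_id(ARTIFACT_CONTENT)[:12]
    print(fetch_from_mirrors(MIRRORS, known_good))
```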

