On Mon, Oct 27, 2014 at 8:26 PM, Landon J Fuller <[email protected]> wrote: > > On Oct 27, 2014, at 5:36 PM, Dan Ports <[email protected]> wrote: > > Also, I think Apple mandates using a separate certificate for each > > kext -- so we're stuck getting more certificates no matter what. > > AFAIK it's still just a general "kexts allowed" extension set on the > Apple-signed developer ID certificate. >
Mechanism and policy are two different things. I would not be surprised if the agreement specified use of a separate cert for each kext or group of closely related kexts, so they can revoke one without affecting others. A mechanism can't enforce this, and while you can ignore it because the mechanism doesn't enforce it, you risk Apple deciding that because they don't like one kext you signed they can disable all kexts you signed. -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
