On Mar 22, 2022, at 13:08, Daniel J. Luke wrote:
> On Mar 21, 2022, at 9:20 PM, Ryan Schmidt wrote:
>> Ports that fetch their sources from a revision control system do not enjoy
>> the protection of checksums. Although ports that fetch source from a
>> revision control system specify which tag
On Mar 21, 2022, at 23:02, Joshua Root wrote:
> We could ad-hoc codesign everything, which would not improve security at all,
> but would get GateKeeper to ease up a bit on restrictions on incoming network
> connections and the like.
> Assurance that binaries have not changed after being
Apologies if what I'm about to say seems tangential... hopefully it
provides historical context that is useful to the discussion at hand.
=
Remember that code signing was first implemented for apps that were
published on the iOS App Store. This was very quickly (maybe even
simultaneously?)
On Mar 21, 2022, at 9:20 PM, Ryan Schmidt wrote:
> Ports that fetch their sources from a revision control system do not enjoy
> the protection of checksums. Although ports that fetch source from a revision
> control system specify which tag or commit hash to fetch, it is conceivable
> that a