On Mar 2, 2008, at 5:39 PM, Rainer Brockerhoff wrote:

Right. Of course, a more-savvy user can run "codesign -d -vvvv" on
the app to check, as I said. But there really should be an easier
way... maybe a "show certificate" button in the Finder's Get Info.
I'll file a bug for that.

The implementation of code signing Leopard gave birth to was
stillborn, and aside from a few fringe cases, going through all the
trouble required to use it typically has very little effect on
anything. I wouldn't expect to see any kind of meaningful
certificate validation being done for a very long time, if ever, so
I'd probably spend some time evaluating whether or not my
application was really attractive enough a target to the gangs of
roving hackers you seem to be afraid of before going hog wild here.
Jens' suggestion makes the most sense to me.

Nathan,

You are of course welcome to your opinion on these matters. In
particular, you may choose to close your eyes and hope the feature and
its ramifications will just disappear in due time so you don't have to
worry about it.

I would not advise this approach to most people. We (Apple and third
party developers) are on a shared course towards "more signed" and
"more validated" and, frankly, "less lenient" as time passes. Leopard
is bending over backwards to make things work for unsigned programs,
because we recognize that you (all) are on diverse release schedules,
and that some of you may need time to integrate signing into your
build and manufacturing processes. I strongly recommend that you (all)
do not interpret that as "I'll never have to worry about this," unless
you enjoy emergency drills down the road.

Signing your code is not elective for Leopard. You are *expected* to
do this, and your code will increasingly be forced into legacy paths
as the system moves towards an "all signed" environment. You may
choose to interpret our transitional aids as evidence that we're not
really serious. That is your decision. I do not advise it.

Cheers
-- perry
---------------------------------------------------------------------------
Perry The Cynic email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed
Cynic.
---------------------------------------------------------------------------