Re: Security With Show Package Contents?
Re: Security With Show Package Contents?
- Subject: Re: Security With Show Package Contents?
- From: Graham Lee <email@hidden>
- Date: Mon, 12 Jan 2009 17:49:47 +0000
- Acceptlanguage: en-US, en-GB
- Thread-topic: Security With Show Package Contents?
On 12/01/2009 17:25, "Michael Ash" <email@hidden> wrote:
> On the Mac code signing is just a way for users to be able
> to trust that an app is from who it says it's from.
I agree that it the underlying technology has the capability to provide
that, I'm not sure that code signing on the Mac currently does provide that
trust. AFAICT it currently only lets users trust that app v1.0.1 came from
the same people as app v1.0, and only then thanks to the _lack_ of any UI
which would appear in the failure case - and only _THEN_ if the app tries to
perform one of a small number of privileged operations.
Cheers,
Graham.
--
Graham Lee
Senior Macintosh Software Engineer, Sophos Plc.
+44 1235 540266
http://www.sophos.com/
Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden