Re: Code Sign verification on Leopard
Re: Code Sign verification on Leopard
- Subject: Re: Code Sign verification on Leopard
- From: "email@hidden" <email@hidden>
- Date: Tue, 13 Oct 2009 22:28:29 +0100
On 13 Oct 2009, at 19:28, Jens Alfke wrote:
On Oct 13, 2009, at 9:25 AM, email@hidden wrote:
But it's not useless in the sense that it provides feedback that
the code IS signed.
The code merely allows me to detect if I have screwed up my build
settings and managed to break the code signing.
Sure, it's useful for that. But when people see the phrase "code
signing" they tend to assume it's magic sauce for detecting
malicious code, so I wanted to set expectations for others wanting
to use that snippet.
I think there is a bit of "magic sauce" to be had in the fact an app
signed with a trusted anchor is, as you know, trusted by various
subsystems such as the app firewall, keychain, etc.
http://developer.apple.com/mac/library/technotes/tn2007/tn2206.html#TNTAG1
Jonathan Mitchell
Developer
http://www.mugginsoft.com
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden