Comment by nixpulvis
15 hours ago
We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.
15 hours ago
We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.
We need better OSes such that signing of software is not required to keep your computer safe.
GrapheneOS is doing lot of things right in this regard. Robust permission system adopted from AOSP and hardening by default in every imaginable way. Things like hardened malloc, storage scopes are excellent security features. Malware cannot do much even with the default settings.
With a file system driver like Veracrypt, if it’s malicious, the OS might keep your computer safe, but not your files that you store in that file system.
Yes, I completely agree.
Qubes OS is such OS: it runs everything in VMs with strong hardware isolation. My daily driver, can't recommend it enough.
Just add code cert generation to letsencrypt, it's not like MS validates the code that you sign used certs from them anyway
What would be the point? How would you prevent malware from being signed? Currently, code signatures are used as a signal for trustworthiness of the code.
Microsoft signed the Crowdstrike updates. I don't think a CA signing a piece of malware is a realistic thing to be concerned about.
Only signal is that whoever is in the subject DN (highly) probably signed the code. There's 0 signal about trustworthiness of the code in the signature. Thrustworthiness signal is in the behavior/reputation of the signer.
Pretty sure there were historically a lot of apps that stole peoples contact lists and were signed properly. Certainly in the Android world.
Is it some entirely different process than providing hashes and a GPG signature?
1 reply →
Misplaced trustworthiness?
On the source code side, I quite like the way Guix does things, i.e. needing every commit to be gpg-signed. They even have a handy tool for verifying the repo[0] but I'm not sure how viable this is for non-OSS projects.
[0]: https://guix.gnu.org/manual/devel/en/html_node/Invoking-guix...
I suggest that developers could self-sign to verify the legitimacy of future updates. Otherwise leave it unsigned.
This entire "big tech overlords have to sign apps & drivers to keep you safe" concept is one giant pile of nonsense.
It should something like web certificates, you can bring your own.
I think this is fundamentally an unsolvable problem and I'm not even sure it's worth pursuing.
Any large scale signing platform will have large oversights and be rendered useless. See the appstore / play store/windows...