[Bf-committers] Preparing Blender for GateKeeper

[trouble daemon]

On Fri, Mar 30, 2012 at 1:53 PM, Knapp <magick.crow at gmail.com> wrote:
>> I hope GateKeeper is as far as
>> they go, that it's not just the first step away from freedom.
>>
>> Mike Erwin
>
> Why do names like GateKeeper make me feel like I am living in some bad
> SF book with a bad ending?

Are you the keymaster? :)

> On the real side, security is very important. I am getting sick of all
> this mafia, china, cia etc type stuff trying to break into our
> computers.

I think we all are!

> Can we find someone that has already paid and let them sign it?

If a developer is going to put their name and reputation on the line
by signing the file, I would assume that they would also be the one to
compile the binaries. I can only imagine how much egg on faces would
go around and hit news sites in the situation where some random
developer with a poorly maintained and virus infected machine started
getting his binaries signed by some other developer and uploaded to
apple servers, giving users a false sense of security and possibly
bring legal action towards the poor guy who was asked to blindly sign
some file.

I guess what I am trying to say is that I would love to see a nice
secure approach to software in general, but if you are going to take
security seriously and get into certificates and digital signatures
etc., then it should be done right from the start by getting someone
well trusted to do the signing, and only on a fresh (format + install
+ updates) and secured (not connected to internet 24/7, restrictive
firewall, strong passwords, etc.) install of the OS of the target
platform. Otherwise the signing is about as (in)effective as a self
signed cert, created and used on a machine that you use for general
internet usage and letting random house guests browse the internet
with. :)

So, if you are going to do it, be sure to do it right! (tm) :)

troubled