incubator-general mailing list archives

From Herbert Duerr <...@apache.org>
Subject Re: "end-user operating systems" Re: [VOTE] Apache OpenOffice Community Graduation Vote
Date Tue, 28 Aug 2012 07:27:53 GMT
On 27.08.2012 23:11, Andreas Kuckartz wrote:
> Rob Weir:
>> You probably don't see this on the server yet, but end-user operating
>> systems, both desktop and devices, both at OS level as well as in
>> browsers and with antivirus software, are shifting over to excluding
>> non-signed executables by default.  This is equally true of software
>> distributed on CDs, via downloads, or listed in OS-vendor "stores".
>> That is the direction that the industry is going.  Any desktop
>> application that ignores this trend will become unusable by most
>> users.  Instead of detached digital signatures that Apache releases
>> already carry, the OS vendors expect integrated signatures via code
>> signing.
>
> Sorry for extending this thread, but I am curious:
>
> Which "OS vendors" and "end-user operating systems" are you talking about?

For Windows 8 please see e.g.
    http://msdn.microsoft.com/en-us/library/windows/desktop/hh749939.aspx
"6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) 
must be signed with an Authenticode certificate"

For Mac OSX 10.8 please see e.g.
   https://developer.apple.com/resources/developer-id/
"Gatekeeper is a new feature in OS X Mountain Lion that helps protect 
users from downloading and installing malicious software. Signing your 
applications, plug-ins, and installer packages with a Developer ID 
certificate lets Gatekeeper verify that they are not known malware and 
have not been tampered with."
and
   http://macperformanceguide.com/MountainLion-application-signing.html
"By default, Mac OS X Mountain Lion disables the ability to run 
applications which are not signed, the idea being to prevent hackers 
from persuading you to run a nefarious application.

This is an excellent security precaution, but also a headache until all 
apps are signed"

> The end-user operating system Debian does not require integrated signatures:
> http://wiki.debian.org/SecureApt

Debian is a great end-user operating system and I'm using it for my main 
computing needs. Other contenders in the market for end-user operating 
systems like Microsoft and Apple are still relevant, though, so the 
requirements they impose on applications cannot be easily ignored.

Herbert
