nixpulvis 10 hours ago

We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.

iamniels 10 hours ago

We need better OSes such that signing of software is not required to keep your computer safe.

drewfax 5 hours ago

GrapheneOS is doing a lot of things right in this regard. Robust permission system adopted from AOSP and hardening by default in every imaginable way. Things like hardened malloc and storage scopes are excellent security features. Malware cannot do much even with the default settings.

layer8 4 hours ago

With a file system driver like Veracrypt, if it’s malicious, the OS might keep your computer safe, but not your files that you store in that file system.

nixpulvis 2 hours ago

Yes, I completely agree.

fsflover 4 hours ago

Qubes OS is such OS: it runs everything in VMs with strong hardware isolation. My daily driver, can't recommend it enough.

PunchyHamster 10 hours ago

Just add code cert generation to letsencrypt, it's not like MS validates the code that you sign using certs from them anyway

mr_mitm 10 hours ago

What would be the point? How would you prevent malware from being signed? Currently, code signatures are used as a signal for trustworthiness of the code.

sidewndr46 8 hours ago

Microsoft signed the Crowdstrike updates. I don't think a CA signing a piece of malware is a realistic thing to be concerned about.

megous 5 hours ago

Only signal is that whoever is in the subject DN (highly) probably signed the code. There's 0 signal about trustworthiness of the code in the signature. Trustworthiness signal is in the behavior/reputation of the signer.

Pretty sure there were historically a lot of apps that stole people's contact lists and were signed properly. Certainly in the Android world.

duskdozer 9 hours ago

Is it some entirely different process than providing hashes and a GPG signature?

mr_mitm 8 hours ago

Well, yes. Just look at OP and Jason struggling to get their code signed.

Eldt 9 hours ago

Misplaced trustworthiness?

Pay08 8 hours ago

On the source code side, I quite like the way Guix does things, i.e. needing every commit to be gpg-signed. They even have a handy tool for verifying the repo[0] but I'm not sure how viable this is for non-OSS projects.

[0]: https://guix.gnu.org/manual/devel/en/html_node/Invoking-guix...

uyzstvqs 3 hours ago

I suggest that developers could self-sign to verify the legitimacy of future updates. Otherwise leave it unsigned.

This entire "big tech overlords have to sign apps & drivers to keep you safe" concept is one giant pile of nonsense.
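The "self-sign so future updates can be verified" idea from the comment above, and megous's point that a signature only tells you the same key signed it and nothing about whether the signer is trustworthy, can be shown in a few lines. This is an added example written for this thread, not code from any commenter or project. It assumes a hypothetical installer that pins the developer's Ed25519 public key on first install (trust on first use) and then accepts only releases signed by that pinned key; the keys and release bytes are generated in the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Release is a constructed stand-in for a downloadable update: the artifact,
// the public key the developer ships alongside it (self-signed model), and a
// detached signature over a digest of version + artifact.
type Release struct {
	Version   string
	Artifact  []byte
	Signer    ed25519.PublicKey
	Signature []byte
}

var (
	ErrNoSignature = errors.New("release is unsigned")
	ErrWrongSigner = errors.New("release not signed by the pinned developer key")
	ErrTampered    = errors.New("artifact does not match its signature")
)

// digest binds the signature to the version string as well as the bytes, so a
// valid signature for one version cannot be replayed onto another artifact.
func digest(version string, artifact []byte) []byte {
	h := sha256.New()
	h.Write([]byte(version))
	h.Write([]byte{0}) // separator so "1"+"0abc" != "10"+"abc"
	h.Write(artifact)
	return h.Sum(nil)
}

// SignRelease is the developer-side step; the private key never leaves them.
func SignRelease(priv ed25519.PrivateKey, version string, artifact []byte) Release {
	return Release{
		Version:   version,
		Artifact:  artifact,
		Signer:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, digest(version, artifact)),
	}
}

// Installer (hypothetical) remembers the key seen at first install.
type Installer struct {
	pinned ed25519.PublicKey
}

// Install pins the signer on first contact and afterwards answers exactly one
// question: "was this signed by the same key as before?". It says nothing
// about whether that key's owner is trustworthy.
func (in *Installer) Install(r Release) error {
	if len(r.Signature) == 0 || len(r.Signer) == 0 {
		return ErrNoSignature
	}
	if in.pinned == nil {
		in.pinned = r.Signer // trust on first use
	} else if !in.pinned.Equal(r.Signer) {
		return ErrWrongSigner
	}
	if !ed25519.Verify(in.pinned, digest(r.Version, r.Artifact), r.Signature) {
		return ErrTampered
	}
	return nil
}

// Scenario runs the four cases a defender cares about and returns the outcome
// of each: first install, genuine update, tampered update, update from a
// different key. Keys and artifacts are constructed for the example.
func Scenario() []error {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	_ = devPub

	in := &Installer{}
	var out []error

	out = append(out, in.Install(SignRelease(devPriv, "1.0", []byte("app-v1-bytes"))))
	out = append(out, in.Install(SignRelease(devPriv, "1.1", []byte("app-v1.1-bytes"))))

	tampered := SignRelease(devPriv, "1.2", []byte("app-v1.2-bytes"))
	tampered.Artifact = []byte("app-v1.2-bytes-modified-in-transit")
	out = append(out, in.Install(tampered))

	out = append(out, in.Install(SignRelease(otherPriv, "1.3", []byte("app-v1.3-bytes"))))
	return out
}

func main() {
	for i, err := range Scenario() {
		fmt.Printf("case %d: %v\n", i, err)
	}
}
```

The interesting property is the last case: a perfectly valid signature from a different key is rejected, which is the whole value of the pinning step; but if the developer's own key signs something harmful, this check passes, which is exactly the "no trustworthiness signal" limitation raised earlier in the thread.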

tamimio 8 hours ago

It should be something like web certificates, you can bring your own.

realusername 9 hours ago

I think this is fundamentally an unsolvable problem and I'm not even sure it's worth pursuing.

Any large scale signing platform will have large oversights and be rendered useless. See the App Store / Play Store / Windows...