> Or a bad guy can infect the origin machine of the signed app and alter
> the binary before it's signed.
>
> Personally, I don't like letting ANYone run ANY code on my machine
> without my explicit permission. That includes HTML email.
Nobody said anything about running code without your permission. Just taking the app installation process from 2 or more prompts down to a single prompt, provided the software developer has already met certain requirements, including establishing a traceable identity.

Anything is possible, and this is of course no exception. Whenever some bad guy infects an innocent developer's computer for the sake of distributing bad apps signed by someone else, it will quickly be discovered and quickly corrected. Yes, it's bound to happen sometimes, but all the measures in place serve to limit the extent of the damage. (Like providing an MD5 checksum with your software, but more automatic and more powerful. Not impossible to circumvent, but an obstacle nonetheless.)

Having the trusted-app-signing obstacle to bad guys is still a step in the right direction. It is more difficult for a bad guy to infect somebody's machine and modify a binary before the innocent person signs it, as compared to the bad guy simply infecting a binary. Take that a step further. It is more difficult for a bad guy to hijack *any* method of app signing on someone else's behalf, as compared to simply not signing. And when it does happen, the innocent developer will quickly be informed, and will have personal motivation to correct it quickly.

_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/