Linked by Thom Holwerda on Thu 16th Feb 2012 14:46 UTC
Mac OS X Well, this is a surprise. Several websites have a preview up of Apple's next Mac OS X release - it's called Mountain Lion, and continues the trend of bringing over functionality from iOS to Mac OS X. Lots of cool stuff in here we've all seen before on iPhones and iPads, including one very, very controversial feature: Gatekeeper. Starting with Mac OS X 10.8, Apple's desktop operating system will be restricted to Mac App Store and Apple-signed applications by default (with an opt-out switch), following in Windows 8's footsteps.
Thread beginning with comment 507515
To view parent comment, click here.
To read all comments associated with this story, please click here.
Neolander
Member since:
2010-03-08

Well, I have a Fedora install right before my eyes, and I can download and install random RPMs from the internet just fine.

I can also build source packages and install them manually if I really want to. There is no attempt from the Fedora project to make this task difficult.

That's what Thom is talking about here. Signed repositories are not bad in themselves, they only become a problem when users are not able to install software from a third-party source without vendor-imposed hassle.

Edited 2012-02-16 20:42 UTC

Reply Parent Score: 7

lucas_maximus Member since:
2009-08-18

Well, I have a Fedora install right before my eyes, and I can download and install random RPMs from the nternet just fine.

I can also build source packages and install them manually if I really want to.

That's why Thom is talking about. Signed repositories are not bad in themselves, they only become a problem when users are solely able to install software from a single source without hassle.


I have a fedora install as well ... :|

I don't understand where the problem is coming from, developer X get Key Y and signs their applications with it ... users can install it ... I don't understand what the problem is.

I work in the software world with many crap bits of software and this lock-in in childs play compared to what I have to deal with ... I wish it was this easy to work around.

Edited 2012-02-16 20:52 UTC

Reply Parent Score: 2

TomF Member since:
2010-01-22

"Well, I have a Fedora install right before my eyes, and I can download and install random RPMs from the nternet just fine.

I can also build source packages and install them manually if I really want to.

That's why Thom is talking about. Signed repositories are not bad in themselves, they only become a problem when users are solely able to install software from a single source without hassle.


I have a fedora install as well ... :|

I don't understand where the problem is coming from, developer X get Key Y and signs their applications with it ... users can install it ... I don't understand what the problem is.

I work in the software world with many crap bits of software and this lock-in in childs play compared to what I have to deal with ... I wish it was this easy to work around.
"

and soon enough TPM chips will be mandatory and you won't get any modern hardware to install Fedora (me like!) on....

TomUK

Reply Parent Score: 2

Neolander Member since:
2010-03-08

I have a fedora install as well ... :|

I don't understand where the problem is coming from, developer X get Key Y and signs their applications with it ... users can install it ... I don't understand what the problem is.

My problem essentially revolves around two elements :
-Where does key Y come from ? The developer himself (self-signing) or a third party ?
-If it is a third party, may it choose not to provide keys to the developer and/or to revoke existing keys ?

Again, I have no problem with OS manufacturers maintaining their own repository, signed by them, fully under their control, integrated in fresh OS installs, etc... But I think that independently distributed software has its place too. OS manufacturers may not favor it, but making it artificially difficult to install and/or use crosses the line.

Is it easier to understand this way ?

Edited 2012-02-16 21:32 UTC

Reply Parent Score: 3

rhavyn Member since:
2005-07-06

That's what Thom is talking about here. Signed repositories are not bad in themselves, they only become a problem when users are not able to install software from a third-party source without vendor-imposed hassle.


Unfortunately, Thom's anti-Apple blinders are on so tight he is spreading verifiably false information. There is nothing stopping user's from installing software from anywhere in Mountain Lion and there is, at the worst, a minor easily avoided vendor imposed hassle.

1. You can download signed software from anywhere. The certificate is in the developer's name and Apple has no way to restrict what is signed or where it's distributed.

2. Even if you are not using the "Allow anything" preference, all you need to do is right click an app, click open and then click through an "Are you sure" prompt. From then on you can run the app with no prompt.

There is nothing in this release that makes it difficult to get around Gatekeeper if it's turned on and there is an option to turn it off completely if my #2 is too much for you.

Reply Parent Score: 2

Neolander Member since:
2010-03-08

You can download signed software from anywhere. The certificate is in the developer's name and Apple has no way to restrict what is signed or where it's distributed.

AFAIK, Apple is the only source of signing keys and may blacklist any key they have delivered previously using OS security updates. If both of these statements are true, they have enough resources to ban software from any developer at will, though possibly not in a fine-grained way.

Even if you are not using the "Allow anything" preference, all you need to do is right click an app, click open and then click through an "Are you sure" prompt. From then on you can run the app with no prompt.

Sure, when running a program on OS X doesn't work, your first idea is to right click it, especially considering the frequent use of right clicks in the OS X UI and the simplicity of performing a right click on Macs...

I am not saying that running unsigned software is impossible on OS X 10.8, though it may become the case in later releases of OS X. But it does seem that Apple want to make it difficult on purpose.

Edited 2012-02-16 21:16 UTC

Reply Parent Score: 2