
522 points josephcsible | 1 comments
mixologic ◴[] No.45570464[source]
If you want to install software on your Microsoft Windows computer, it has to be signed by a verified developer, otherwise you get an overridable warning that the developer cannot be verified, the software may contain malware etc.

If you want to install software on your macOS machine, the same thing applies. It must come from a verified developer with an Apple account, otherwise you get a warning and must jump through hoops to override. As of macOS 15.1 this is considerably more difficult to override.

If you want to install iOS apps, the apps have to be signed by a verified developer. There are no exceptions.

I just don't see a future where being able to create and publish an app anonymously is going to be supported.

Becoming a verified developer is a PITA, and can take a while or be impossible (i.e. getting a DUNS number if you're in a sanctioned country might be not at all possible), but at the same time, eliminating the ability of our devices to run any old code it downloads and runs is a huge safety win.

gumby271 ◴[] No.45570538[source]
I dunno man, it doesn't feel like a "huge safety win" that my computer has to check with a singular US tech company before it will let me use any software on it.
mixologic ◴[] No.45572214[source]
That's only sorta how it usually works. The developer has to check with a singular US tech company before they can sign the software they've given you.

Except yeah, the way this Android stuff works is closer to that way. Instead of Google giving out a key for signing, they instead ask for one and tie a developer to a namespace, so yeah, I guess your Android phone has to check whether or not that namespace is "in the clear".

1. gumby271 ◴[] No.45572971[source]
Right, Google could revoke that signature at any time and my device would refuse to install that software. The exact mechanics don't really matter, the end result is the same, my device will only install software that one company approves of and can change at any time, huge win for security right?