[CentOS] Fedora change that will probably affect RHEL

Thu Jul 30 18:47:26 UTC 2015
Tom Bishop <bishoptf at gmail.com>

On Thu, Jul 30, 2015 at 1:20 PM, Warren Young <wyml at etr-usa.com> wrote:

> On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists at colorremedies.com> wrote:
> >
> > On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote:
> >
> >> Security is *always* opposed to convenience.
> >
> > False.  OS X by default runs only signed binaries, and if they come
> > from the App Store they run in a sandbox. User gains significant
> > security with this, and are completely unaware of it. There is no
> > inconvenience.
>
> You must not use OS X regularly, else you’d know there is plenty of
> inconvenience in this policy.  There’s a whole lot of good software that is
> both unsigned and not in the App Store.  Examples:
>
> a. Most open source software.  Many of these projects (e.g. KiCad) can
> barely manage to serve community-provided unsigned binaries on OS X as it
> is.  Signing apps and managing the App Store submission process is out of
> the question.  The next version of OS X will block all the third-party app
> repositories (e.g. Homebrew) by default, in order to provide better
> security:
>
>   http://www.imore.com/os-x-el-capitan-faq
>
> b. Most network monitoring software, because putting en0 into promiscuous
> mode violates the Gatekeeper rules.  (Wireshark, etc.)  Some App Store
> networking software (e.g. RubberNet) manages to get around this by offering
> a second app download from the author’s web page.  You don’t call that
> inconvenient?
>
> c. Low-level utilities, such as Karabiner and Scroll Reverser, since they
> also need to bypass the sandbox guidelines to do their job.
>
> On top of all that, to bypass Gatekeeper, you need to right-click an app
> and disable Gatekeeper for it on the first launch.  Another inconvenience.
>
> I’m not saying Gatekeeper and such are bad, only that they are in fact
> exemplars of the rule: better security always causes greater inconvenience.
>
> > What is the inconvenience of encrypting your device compared to the
> > security?
>
> I can’t hook my iPad up to my PC and browse it as just another filesystem,
> as I can with any other digital camera or MP3 player.  Apple must do this
> in order to prevent sideloading malicious apps.
>
> Did you see my exchange with James Byrne?  His bogus counter to my claim
> that iPads
>

+Snip+

Can someone mod this thread, I'm sure everyone has an opinion about this I
know I do and obviously so do other but I think the fedora mail list would
be more suited to this discussion.

I think enough points and counter points have been said, lets move onto
more relevant Centos Topics.

Thanks