[CentOS] Fedora change that will probably affect RHEL [META]

Thu Jul 30 19:17:57 UTC 2015
m.roth at 5-cent.us <m.roth at 5-cent.us>

Tom Bishop wrote:
> On Thu, Jul 30, 2015 at 1:20 PM, Warren Young <wyml at etr-usa.com> wrote:
>> On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists at colorremedies.com>
>> wrote:
>> > On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com>
>> wrote:
>> >
>> >> Security is *always* opposed to convenience.
>> >
>> > False.  OS X by default runs only signed binaries, and if they come
>> > from the App Store they run in a sandbox. User gains significant
>> > security with this, and are completely unaware of it. There is no
>> > inconvenience.
>> You must not use OS X regularly, else you’d know there is plenty of
>> inconvenience in this policy.  There’s a whole lot of good software that
>> is both unsigned and not in the App Store.  Examples:
>> a. Most open source software.  Many of these projects (e.g. KiCad) can
>> barely manage to serve community-provided unsigned binaries on OS X as
>> it
>> is. Signing apps and managing the App Store submission process is out
>> of the question.  The next version of OS X will block all the third-party
>> app epositories (e.g. Homebrew) by default, in order to provide better
>> security:
>>   http://www.imore.com/os-x-el-capitan-faq
>> b. Most network monitoring software, because putting en0 into
>> promiscuous mode violates the Gatekeeper rules.  (Wireshark, etc.) 
Some App Store
>> networking software (e.g. RubberNet) manages to get around this by
>> offering a second app download from the author’s web page.  You don’t
call that
>> inconvenient?
>> c. Low-level utilities, such as Karabiner and Scroll Reverser, since
>> they also need to bypass the sandbox guidelines to do their job.
>> On top of all that, to bypass Gatekeeper, you need to right-click an app
>> and disable Gatekeeper for it on the first launch.  Another
>> inconvenience.
>> I’m not saying Gatekeeper and such are bad, only that they are in fact
>> exemplars of the rule: better security always causes greater
>> inconvenience.
>> > What is the inconvenience of encrypting your device compared to the
>> > security?
>> I can’t hook my iPad up to my PC and browse it as just another
>> filesystem, as I can with any other digital camera or MP3 player.
>> Apple must do this in order to prevent sideloading malicious apps.
>> Did you see my exchange with James Byrne?  His bogus counter to my claim
>> that iPads
> +Snip+
> Can someone mod this thread, I'm sure everyone has an opinion about this I
> know I do and obviously so do other but I think the fedora mail list would
> be more suited to this discussion.
> I think enough points and counter points have been said, lets move onto
> more relevant Centos Topics.

Seconded. All this appears, in the few I've glanced at for a while, seem
to be Apple fan stuff.