[Qgis-psc] [SAC] Osgeo Code signing certificates

Sandro Santilli strk at keybit.net
Wed Apr 20 03:54:25 PDT 2016


On Wed, Apr 20, 2016 at 04:39:03AM -0600, Larry Shaffer wrote:
> Hi,
> 
> If the OSGeo is considering taking the following stances...

Larry, it looks like you misunderstood my stances completely.

> * referring to the industry standard practice of code-signing, which
> protects the user from anyone tampering with software they are installing
> or have installed, as something that needs a workaround;

I've nothing against code-signing, but I think the user needs to be
able to decide who to trust.

> * that the default security practices and implementations on major OSes is
> somehow evil to their users, and that the users need protected from such
> losses of freedom;

It is evil if an OS enforces what's good or bad to a user.
Not evil if the user decides who to trust.

> * that the OSGeo needs to train users on how to circumvent these default
> security protections;

OSGeo needs to train users on how to tell their OS to trust OSGeo,

> then an anti-reality warp is in effect, which will only hurt users who
> actually just want to use the open-source software.

Users that just want to use open-source software should be able to
do so w/out their OS fighting against that. If any OS is fighting,
OS advocates should fight back.

--strk;



More information about the Qgis-psc mailing list