[Qgis-psc] [SAC] Osgeo Code signing certificates

Jonathan Moules jonathan-lists at lightpear.com
Wed Apr 20 09:36:58 PDT 2016 

Hi Sandro
I get what you're saying, and entirely agree with the principle.
But unfortunately the practicalities disagree; compare Android and iphones - Apple has a closed ecosystem and a fraction of the malware that Android has (anything from 3%-20% depending on the report). The primary difference between the platforms is the fact that anyone can install whatever on Android but there's more stringent curation on an Apple. In many cases those files you can access on Android contain Bad Things.

Raising user awareness only works to an extent. If users aren't following basic security awareness already, I'm not sure an OSGEO\QGIS campaign would achieve much.

(Disclaimer - I own neither type of device; no oars in that race).
Cheers,
Jonathan


---- On Wed, 20 Apr 2016 17:05:37 +0100 Sandro Santilli<strk at keybit.net> wrote ---- 

On Wed, Apr 20, 2016 at 04:23:58PM +0100, Jonathan Moules wrote: 
 
> That said, I don't know what the solution is, but I do know that 
> relying on user awareness is a recipe for the botnet filled internet we 
> have today. 
 
I'm not talking about "relying on" but about "raising" the user 
awareness. Hiding the problem of having put trust in the sole hands 
of the OS provider doesn't help with that. 
 
I see how this trust chain harms availability of software in the 
smartphone world. Most services only ship their code via the "official 
store". No easy way to get a direct link to an .apk package directly 
from the authors. Most software _writers_ solely rely on the device 
store, forcing users to _register_ (and give their personal data) to 
the store owner, and even accepting to _pay_ for that disservice. 
 
The only advantage here goes to the "land" lords, whereas the "land" 
is the hardware we think to _buy_, as user, but in fact are just 
_renting_. 
 
REMINDER: I'm not against buying those certificates, but I would 
 consider it an investiment in an information campaign. 
 
--strk; 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20160420/5a768ed5/attachment.html>

More information about the Qgis-psc mailing list