[Qgis-psc] [SAC] Osgeo Code signing certificates
Sandro Santilli
strk at keybit.net
Tue Apr 19 22:55:13 PDT 2016
On Tue, Apr 19, 2016 at 03:59:31PM -0600, Larry Shaffer wrote:
> I have done some more research. From what I have found, Apple *requires*
> that the signing certificate for passing Mac Gatekeeper policies be an
> Apple CA-signed certificate that has been generated from a CSR of only a
> valid Apple Developer ID [0]. The code can be signed with a third-party
> certificate (still securing the app against tampering), but such a signing
> will NOT pass Gatekeeper, i.e. purchasing a non-Apple code-signing
> certificate will be a wasted purchase for Mac distributions.
Could OSGeo take an official position against this reduction of user
freedom when it comes to running an Apple system, and provide hints
to take back ownership of owned machines ?
Such mechanisms are a huge obstacle for the spread of open source
software, beacuse even if OSGeo pays the tax the user won't be
able to use the sources, unless she knows how to circumvent the
"Gatekeeper" monster.
Would it be possible, for example, to encode this knolwedge inside
the eventually acquired ceritification itself, or into the signed
binary in form of a popup to warn users about the matter ?
And, as I suggested in another thread, _require_ the payment of a fee
for _downloading_ a signed binary ? The user would then be challenged
to either pay to keep using Gatekeeper or learn to kill it...
--strk;
More information about the Qgis-psc
mailing list