[SAC] [Qgis-psc] Osgeo Code signing certificates

Sandro Santilli strk at keybit.net
Wed Apr 20 09:05:37 PDT 2016


On Wed, Apr 20, 2016 at 04:23:58PM +0100, Jonathan Moules wrote:

> That said, I don't know what the solution is, but I do know that
> relying on user awareness is a recipe for the botnet filled internet we
> have today.

I'm not talking about "relying on" but about "raising" the user
awareness. Hiding the problem of having put trust in the sole hands
of the OS provider doesn't help with that.

I see how this trust chain harms availability of software in the
smartphone world. Most services only ship their code via the "official
store". No easy way to get a direct link to an .apk package directly
from the authors. Most software _writers_ solely rely on the device
store, forcing users to _register_ (and give their personal data) to
the store owner, and even accepting to _pay_ for that disservice.

The only advantage here goes to the "land" lords, whereas the "land"
is the hardware we think to _buy_, as user, but in fact are just
_renting_.

REMINDER: I'm not against buying those certificates, but I would
          consider it an investiment in an information campaign.

--strk;


More information about the Sac mailing list