Re: Fedora change that will probably affect RHEL




On 07/29/2015 07:40 PM, Chris Murphy wrote:
> On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml@xxxxxxxxxxx> wrote:
>
>> Security is *always* opposed to convenience.
> False. OS X by default runs only signed binaries, and if they come
> from the App Store they run in a sandbox. Users gain significant
> security with this, and are completely unaware of it. There is no
> inconvenience.

While I agree with you about the long-term viability of passwords, I'll disagree with this statement. There is a loss of convenience with signed binaries from a store: the user can no longer install directly from the program vendor's website but must go through the walled garden of the store, and developers are held hostage to having to meet the store's policy or get their signing key revoked and/or their app 'de-stored' or worse. There is significant inconvenience to users when their app is removed from the store for whatever reason and they cannot get updates (or reinstall their app, for which they may have paid a fee) anymore because the app is no longer in the store (and that could be for arbitrary reasons, including political ones). This is, of course, the case to a more limited degree with CentOS and signed packages, since packages can be removed from repositories and installation of packages by default requires signed packages (but it's not as inconvenient, nor is it as secure, as the OS X model of only allowing signed binaries to run). For that comparison, repository = store.

> What is the inconvenience of encrypting your device compared to the
> security? Zero vs a ton more secure (either when turned off and data
> is at rest or a remote kill that makes it very fast to effectively
> wipe all data)
Or a hackable remote kill that allows an attacker to wipe your device out from under you. Or now the inconvenience of losing access to the encrypted volume because you forgot the exact spelling of that ten word seventy-five character passphrase and you're locked out and no data recovery tool out there will get your files back.

Security and convenience are always at odds with each other; more secure = less convenient in some form or fashion; even if you have to dig for the loss of convenience there will be a loss of convenience somewhere for increased security.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos