Tom Bishop wrote: > On Thu, Jul 30, 2015 at 1:20 PM, Warren Young <wyml@xxxxxxxxxxx> wrote: >> On Jul 29, 2015, at 5:40 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> >> wrote: >> > On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml@xxxxxxxxxxx> >> wrote: >> > >> >> Security is *always* opposed to convenience. >> > >> > False. OS X by default runs only signed binaries, and if they come >> > from the App Store they run in a sandbox. User gains significant >> > security with this, and are completely unaware of it. There is no >> > inconvenience. >> >> You must not use OS X regularly, else you’d know there is plenty of >> inconvenience in this policy. There’s a whole lot of good software that >> is both unsigned and not in the App Store. Examples: >> >> a. Most open source software. Many of these projects (e.g. KiCad) can >> barely manage to serve community-provided unsigned binaries on OS X as >> it >> is. Signing apps and managing the App Store submission process is out >> of the question. The next version of OS X will block all the third-party >> app epositories (e.g. Homebrew) by default, in order to provide better >> security: >> >> http://www.imore.com/os-x-el-capitan-faq >> >> b. Most network monitoring software, because putting en0 into >> promiscuous mode violates the Gatekeeper rules. (Wireshark, etc.) Some App Store >> networking software (e.g. RubberNet) manages to get around this by >> offering a second app download from the author’s web page. You don’t call that >> inconvenient? >> >> c. Low-level utilities, such as Karabiner and Scroll Reverser, since >> they also need to bypass the sandbox guidelines to do their job. >> >> On top of all that, to bypass Gatekeeper, you need to right-click an app >> and disable Gatekeeper for it on the first launch. Another >> inconvenience. >> >> I’m not saying Gatekeeper and such are bad, only that they are in fact >> exemplars of the rule: better security always causes greater >> inconvenience. >> >> > What is the inconvenience of encrypting your device compared to the >> > security? >> >> I can’t hook my iPad up to my PC and browse it as just another >> filesystem, as I can with any other digital camera or MP3 player. >> Apple must do this in order to prevent sideloading malicious apps. >> >> Did you see my exchange with James Byrne? His bogus counter to my claim >> that iPads >> > > +Snip+ > > Can someone mod this thread, I'm sure everyone has an opinion about this I > know I do and obviously so do other but I think the fedora mail list would > be more suited to this discussion. > > I think enough points and counter points have been said, lets move onto > more relevant Centos Topics. > Seconded. All this appears, in the few I've glanced at for a while, seem to be Apple fan stuff. mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos