
Code Signing and What It Does To Your Freedom (in OS X) - blasdel
http://waffle.wootest.net/2009/09/21/code-signing-freedom/
======
duskwuff
Apple _cannot_ make Code Signing "do anything to your freedom" without
breaking the majority of applications available for the platform. Right now,
the only applications which are signed are ones which specifically benefit
from being signed -- most often, ones which store passwords in the Keychain.
(Signing such an application makes the Keychain treat it as still the "same
application" after an upgrade, rather than requiring it to be reauthorized.)
So, if Apple suddenly started requiring desktop apps to be signed, everything
unsigned on the market (probably 90% of applications available) would stop
working. This would be an incredibly stupid decision.

Moreover, almost all existing signed applications are signed with a key that
isn't in any chain of trust (and there's no currently available system for
setting up specially trusted keys), and there's no scheme for encrypting
signed applications. So there's nothing keeping users from either removing a
signature from an application or replacing it with a copy signed with their
own key.

Conclusion? Code signing is not a sinister plot to take away your freedom. It
does exactly what the documentation says. Here are the docs. (These links were
buried deep in the article, but they're worth reading.)

[http://developer.apple.com/mac/library/technotes/tn2007/tn22...](http://developer.apple.com/mac/library/technotes/tn2007/tn2206.html)

[http://developer.apple.com/mac/library/documentation/Securit...](http://developer.apple.com/mac/library/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)

~~~
DenisM
_and there's no currently available system for setting up specially trusted
keys_

Sure there is. It's called the iPhone app dev program. Speaking of which, very
little freedom there and a compelling model for any platform vendor to follow
if they can.

~~~
duskwuff
On the desktop platform, there isn't any keying system. And, as noted, they
can't really start requiring one at this point.

------
dkarl
Apparently it does nothing to your freedom unless Apple makes a bunch of
sinister changes in the future.

_But in a worst case scenario where everything in the bundle is considered
holy, removal of the certificate from a signed app is prevented and the
integrity of the code signature is checked on launch, the answer is yes. We’re
still far from this point in any of these three dimensions (in order: opt-in,
not that I can see, nope), so there’s no immediate danger._

