Hacker News new | past | comments | ask | show | jobs | submit login

> But, fighting optional code signing the wrong battle. As long as the requirement can be disabled, there's nothing wrong here. Safe, but optional defaults are a good, practical compromise.

I'm not convinced this is true. Over time, voluntary adoption of this will steadily increase. Then when it reaches a certain level of ubiquity, Apple can flip the switch to make it mandatory and since 99% of users won't have their day-to-day impacted the blowback will be tolerable to Apple.

This has to be fought now, while it still is optional. Otherwise we're already sunk.

But consider all the legitimate benefits of having these (optional) defaults. I can give a Mac to my grandmother and be reasonably confident she won't download a keylogger that steals her bank password or some such. Meanwhile, I can also give my coworker instructions for running the video downloader Applescript I made.

The problem with "slippery slope" arguments is that in many aspects of life, the optimal solution is a balance between two extremes. You can't reach that midpoint unless you're willing to venture down the slope partway.

Here's another way to prevent this eventuality—teach everyone how to disable these checks, when they have a legitimate reason to do so. I feel like I keep getting blowback for saying this, but I'm pretty frustrated at how strongly much of the Apple community advises against disabling Gatekeeper and SIP. If you want to theme your Mac's UI or modify UI sounds or some such, and you're savvy enough to boot into recovery mode, go ahead and turn SIP off, and don't feel like you're constantly putting your data at risk, because it's really not that big a deal.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact