I actually think that the distros should be more aggressive about this, and do what OSX seems to be doing: Don't allow unsigned packages to be installed without a flipped switch. Why? Because anyone who can't figure out how to flip that switch shouldn't be installing unsigned binaries, in my opinion.
In regards to OSX, the argument seems to be that this is a step towards not even having the switch there, and yes, they may be headed that way which is unfortunate. I think that's a mistake that would end up biting them if they tried it, but maybe I'm naive. I still think being more aggressive in only allowing signed binaries by default is a good approach, even for open source systems.
In regards to OSX, the argument seems to be that this is a step towards not even having the switch there, and yes, they may be headed that way which is unfortunate. I think that's a mistake that would end up biting them if they tried it, but maybe I'm naive. I still think being more aggressive in only allowing signed binaries by default is a good approach, even for open source systems.