[OpenAFS] any experiences with OpenAFS client on the upcoming
MacOS 10.10 (yosemite) release?
Mattias Pantzare
pantzer@ludd.ltu.se
Tue, 21 Oct 2014 07:37:16 +0200
--001a11c13e4a57e1660505e8397d
Content-Type: text/plain; charset=UTF-8
Why would signing of binaries imply anything more that just generate the
binaries without signing? The only thing that signing anything adds it a
way to prove that nothing has been altered.
You are just as open for lawsuits without signing, the only difference is
that you can trace the right source more easily with the signing.
On Tue, Oct 21, 2014 at 1:16 AM, Jeffrey Altman <
jaltman@secure-endpoints.com> wrote:
> On 10/20/2014 3:40 PM, Benjamin Kaduk wrote:
> >
> > Some individual or organization will need to step forward to do that
> > signing; I do not believe that there is an "OpenAFS" organization
> > currently able or prepared to do so. (Perhaps the Foundation could, but
> I
> > am not sure.)
>
> The correct entity to do so for OSX and Microsoft Windows and any other
> platform for which OpenAFS.org will distribute signed binaries is the
> OpenAFS Foundation. Signing binaries implies an acceptance of liability
> if those binaries were to cause harm. The OpenAFS Foundation should not
> sign binaries until it has appropriate insurance coverage in place to
> protect the release team and the developers that
> contribute to the release.
>
> Your File System Inc. currently signs the Windows installers because
> those packages are predominantly a product of YFSI developers and it has
> the appropriate General and Errors and Omissions insurance policies in
> place to cover any lawsuits that might be initiated.
>
> Jeffrey Altman
>
>
>
--001a11c13e4a57e1660505e8397d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Why would signing of binaries imply anything more that jus=
t generate the binaries without signing? The only thing that signing anythi=
ng adds it a way to prove that nothing has been altered.<div><br></div><div=
>You are just as open for lawsuits without signing, the only difference is =
that you can trace the right source more easily with the signing.</div><div=
><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">=
On Tue, Oct 21, 2014 at 1:16 AM, Jeffrey Altman <span dir=3D"ltr"><<a hr=
ef=3D"mailto:jaltman@secure-endpoints.com" target=3D"_blank">jaltman@secure=
-endpoints.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><spa=
n class=3D"">On 10/20/2014 3:40 PM, Benjamin Kaduk wrote:<br>
><br>
> Some individual or organization will need to step forward to do that<b=
r>
> signing; I do not believe that there is an "OpenAFS" organiz=
ation<br>
> currently able or prepared to do so.=C2=A0 (Perhaps the Foundation cou=
ld, but I<br>
> am not sure.)<br>
<br>
</span>The correct entity to do so for OSX and Microsoft Windows and any ot=
her<br>
platform for which OpenAFS.org will distribute signed binaries is the<br>
OpenAFS Foundation.=C2=A0 Signing binaries implies an acceptance of liabili=
ty<br>
if those binaries were to cause harm.=C2=A0 The OpenAFS Foundation should n=
ot<br>
sign binaries until it has appropriate insurance coverage in place to<br>
protect the release team and the developers that<br>
contribute to the release.<br>
<br>
Your File System Inc. currently signs the Windows installers because<br>
those packages are predominantly a product of YFSI developers and it has<br=
>
the appropriate General and Errors and Omissions insurance policies in<br>
place to cover any lawsuits that might be initiated.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
Jeffrey Altman<br>
<br>
<br>
</font></span></blockquote></div><br></div>
--001a11c13e4a57e1660505e8397d--