Old 01-20-2013, 11:36 AM   #14
knc1
GUI Launcher power

One of the most powerful things that could be imagined on a *nix machine -

Drop a shell script (and supporting files) in user storage - run it as 'root'

Also opens the door to malicious scripting targeted at the end-user who cannot (or will not) read them before running them.

OK - I really, really hate to rain on this morning's parade, but . . . .

Let us adopt the habit of having the author always provide a detached signature file that can be checked for authenticity with a pgp or gpg public key.

All host OSs support that checking (with either the pgp or gpg applications) - so signature checking can be off-Kindle;
Each provider of an archive can use their own key pair;
Each provider can post their public key of the pair in a trusted location - here or on a public gpg key server;

Adopting this sort of policy should be welcomed by the providers of archive packages - it minimizes the liability of "Your application published all my personal data" - - -
If that installed application archive **was not** signed by the author who published it - then s/he didn't do it - sue someone else.

Adopting this sort of policy should be welcomed by the end-users of these archive packages - it gives assurance that they are using an **authentic** copy of the author's archive.

Yes, of course, humans have a tendency to not download and test the signature against the archive -
That only means they have chosen not to protect themselves, their device and their personal information **PRIOR** to running the archived application.
Their loss, their fault, none of us did it to you. Go sue someone else.

Here is a worked example -
My mirrors.minimodding.com domain publishes **copies** of other peoples archives.
You will find a signature file for every archive posted.
In the side-bar you can find two (2) independent sources of the public key needed to check that the archives are authentic. (Which also does a checksum test for corrupted downloads.)

For Linux (any *nix) and probably for MacOSx also, it is just a matter of the user downloading both the archive and the signature - -
Then in their file manager, clicking on "check signature" for the archive.
At which point (if it passes) they know they have a true copy of whatever I posted.

Simple - only adds a couple of clicks to the entire process of installing a new application for the launcher.

For the author - nearly as simple - in your file manager just click the file and pick "sign" then pick the key you are using for this purpose.

MacOSx:
https://www.gpgtools.org/

WinBoxen:
http://gpg4win.org/

Linux:
Pre-installed by most distributions, and available in your distribution repo if not.

Last edited by knc1; 01-20-2013 at 12:45 PM.
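The sign-then-verify workflow described in the post above, done from the command line rather than a file manager, as an added example that is not part of the original post and not knc1's own tooling. It assumes GnuPG 2.1 or newer and `tar` are installed; the key, the "Archive Author" identity, the archive contents and the tampered copy are all constructed inside a throwaway directory for the demo. It also shows the two outcomes the post warns about: a user who never fetched the public key learns nothing from the signature, and an archive altered after signing fails to verify.

```shell
#!/bin/sh
# Added example: detached-signature workflow with gpg (GnuPG 2.1+), not code
# from the original post. Key, user id and archive are constructed for the demo.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg (GnuPG 2.1+) is required" >&2; exit 0; }

WORK=$(mktemp -d)
AUTHOR_HOME="$WORK/author-keyring"   # author's keyring: holds the private key
USER_HOME="$WORK/user-keyring"       # end user's keyring: public key only
mkdir -p "$AUTHOR_HOME" "$USER_HOME"
chmod 700 "$AUTHOR_HOME" "$USER_HOME"
cleanup() {
  for h in "$AUTHOR_HOME" "$USER_HOME"; do
    GNUPGHOME="$h" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
  done
  rm -rf "$WORK"
}
trap cleanup EXIT

# gpg wrapper: non-interactive, against an explicit keyring, never ~/.gnupg
g() { _h=$1; shift; gpg --homedir "$_h" --batch --no-tty "$@"; }

# --- Author side -------------------------------------------------------
# One-time: signing-only Ed25519 key with a hypothetical identity; prints its fingerprint.
make_signing_key() {
  g "$AUTHOR_HOME" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Archive Author (example) <author@example.invalid>' ed25519 sign never
  g "$AUTHOR_HOME" --with-colons --list-secret-keys | awk -F: '/^fpr/ { print $10; exit }'
}
# Per release: detached, ASCII-armoured signature written next to the archive ($2.asc).
sign_archive() {  # $1 = key fingerprint, $2 = archive path
  g "$AUTHOR_HOME" --yes --local-user "$1" --armor --detach-sign --output "$2.asc" "$2"
}
# Publish this (forum post, key server); it is all the user needs to check signatures.
export_public_key() { g "$AUTHOR_HOME" --armor --export "$1"; }

# --- User side ---------------------------------------------------------
# Succeeds only on a GOODSIG status line; exit status and message tell the cases apart.
verify_archive() {  # $1 = archive, $2 = detached signature
  status=$(g "$USER_HOME" --status-fd 1 --verify "$2" "$1" 2>/dev/null) || true
  case $status in
    *'[GNUPG:] GOODSIG'*)   echo "GOOD: $1 is the archive the key holder signed"; return 0 ;;
    *'[GNUPG:] BADSIG'*)    echo "BAD: $1 was altered or corrupted after signing"; return 1 ;;
    *'[GNUPG:] NO_PUBKEY'*) echo "UNKNOWN: author's public key not imported, nothing verified"; return 2 ;;
    *)                      echo "ERROR: could not verify $1"; return 3 ;;
  esac
}

# --- Demo run ------------------------------------------------------------
# Constructed sample "application" archive standing in for a real launcher package.
mkdir -p "$WORK/sample"
printf '#!/bin/sh\necho "hello from the launcher"\n' > "$WORK/sample/run.sh"
ARCHIVE="$WORK/sample-1.0.tar"
tar -cf "$ARCHIVE" -C "$WORK" sample

FPR=$(make_signing_key)
sign_archive "$FPR" "$ARCHIVE"
export_public_key "$FPR" > "$WORK/author-pubkey.asc"

# Without the published key, the signature proves nothing (exit status 2).
verify_archive "$ARCHIVE" "$ARCHIVE.asc" || true
# After importing the key, the genuine archive verifies (exit status 0)...
g "$USER_HOME" --import "$WORK/author-pubkey.asc" 2>/dev/null
verify_archive "$ARCHIVE" "$ARCHIVE.asc"
# ...and a copy altered in transit (one appended byte) does not (exit status 1).
TAMPERED="$WORK/sample-1.0-tampered.tar"
cp "$ARCHIVE" "$TAMPERED"; printf 'X' >> "$TAMPERED"
verify_archive "$TAMPERED" "$ARCHIVE.asc" || true
```

The user-side keyring is deliberately separate from the author's: verification needs only the exported public key, and the "not certified with a trusted signature" warning gpg prints on that keyring is about key trust, not about the archive being intact. The status-line check (`--status-fd`) is more reliable than grepping human-readable output, which changes between versions and locales.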