Comment Either that or (Score 1) 4

It pulls the chumps off of Wall Street to work in relatively economically harmless cabinet positions, thus allowing a new generation to take over on Wall Street producing a boom.

The Peter Principle- it still could work.

Comment Re:Replacing CMD (Score 1) 110

Furthermore, you overestimate how difficult it is to obtain a valid certificate. All I need to do is own a domain.

This is true of TLS but not of code signing. There's no counterpart to Let's Encrypt ($0 for 90 days) or ($15 for three years), as far as I've been made aware. And a TLS certificate works across all major platforms, unlike an Authenticode certificate that works only for Windows, not for macOS or anything else. Apple is the only CA on macOS, and it charges $99 per year for a certificate that passes Gatekeeper.

I have a feeling I missed something important.

Comment Re:That's why script execution is off by default (Score 1) 110

It's a little bit like TLS certificates for internal applications -- many admins I know will do the absolute minimum required to stop the browser from showing a certificate error, then run away screaming.

The difference being that with TLS, browsers treat a domain-validated certificate as sufficient, but there's no counterpart to DV certificates in code signing.

Comment Re:Replacing CMD (Score 2) 110

What would a signature possibly mean to me as a user if I don't know you?

All code signing certificates issued by CAs trusted by popular operating systems are at least organizationally validated. This means two things: 1. the executable wasn't modified since it left the publisher's build farm, and 2. you know whom to sue if there are problems (especially in jurisdictions that don't allow a blanket disclaimer of all liability).

With or without a signature, my choice is still: either I run this script I need to do my job, or I don't and I can't do my job (or it gets much, much harder).

I think the idea is that when faced with an unsigned script and a competitor's signed script, users will choose the signed script because of the guarantees of an OV certificate.

