I bet security requirements are going to be all over the map in this group.

I bet people who are trying to push out media to end user devices are
going to be VERY interested in signed code, but other people who are
running binaries they completely compiled from source files they just
downloaded from github are going to be more interested in verifying
the provenance of the tarballs they just downloaded than verifying
signatures on executables they just built.

I'm mostly in the latter camp, except for the tiny bits where i'm in
the former. I really want my developers that are building FLOSS
projects to be able to pick operational security procedures that make
sense for them (but yeah, at the same time I don't want to say
"SIGNING EXECUTABLES IS USELESS!" because I do bump up into that world
from time to time and know it's a requirement for some people.)

I guess what I'm saying is... I bet it's going to be a little more
complicated than people might originally think based on their own
experiences. But I also think we could do a small amount of work
up-front to define a handful of security models that will work for 80%
of people on the list and it'll give the other 20% something to point
at when they're trying to describe how it doesn't work.

Do you have specific requirements, Nathan? Like I said, I'm mostly a
backend server farm guy, but every now and again I bump into the
mobile / app store world where code signing makes a lot more sense.

-cheers
-m
--
meadhbh hamrick * it's pronounced "maeve"
@OhMeadhbh * http://meadhbh.hamrick.rocks/ * OhMeadhbh@...
Sent from my TRS-80 Model 102