Friday, March 7, 2008

Code Signing and You

Mike Ash:

Code signing itself is a neutral technology, but it gives incredible power to the system vendor, and that power is just waiting to be exercised and abused. I believe that the iPhone is serving as a testbed to see how users and developers will react to an environment with ubiquitous code signing and control. If it goes well I think we can expect to see our desktop Macs gradually move in this direction as well.

1 Comment RSS · Twitter


The purpose of signature for Desktop is not exactly the same as for an iPhone.

On Mac, it's a powerfull toll that can be configured by the user/administrator to restrict code execution, but it MUST remain under the machine administrator 's control.

An network admin must be able to says: I want that only Apple's code, and applications approved by me run on those machines.

And so, I don't think Apple plan to restrics the execution of applications on desktop, but they will give the admin a way to do it.

On iPhone, it look like they plan to use the "Only code signed by Apple" restriction.

Leave a Comment