«

Roger Johnstone wrote:

> In <gfdqbg$nr9$> Lawrence D'Oliveiro wrote:
>
>> In message <20081111190651982+>, Roger
>> Johnstone wrote:
>>>
>>> No, it's not a copy protection feature. As I understand it security
>>> features like the firewall or Keychain password manager use code
>>> signing to verify the identity of a trusted application.
>>
>> That's not the way to do it.
>
> Because?

Look at the way Linux package-management systems do it: the digital signing doesn't prevent you from customizing things however you like--it's your choice, you have the last word, not the platform vendor.

>>>> Except that other OSes can be as secure, or even more so, without
>>>> wearing down the user with confirmation fatigue.
>>>
>>> Interesting, how do other OSes do it?
>>
>> In Linux/Unix as an example, most apps run as an ordinary user. No
>> need for root privileges, hence no need to ask for them.
>
> As I'm sure you're aware Mac OS X is the same. The code signing has
> nothing to do with root privileges. OS updaters (including Linux)
> typically use code signing to verify that downloaded updates haven't
> been tampered with. Apple also now uses it to verify that applications
> haven't been tampered with without the user's permission.

Like I said, that's not the way to do it.