Development mailing list

Syndicate content
Archive of posts for haiku-development at FreeLists
Updated: 34 min 19 sec ago

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Sat, 2014-04-05 10:45
Am 28.03.2014 um 04:00 schrieb waddlesplash ajcsweb@xxxxxxxxx: Let me be frank here: I am not opposed to signed packages. I am opposed to too much paranoia. Simple signed packages, as in I guarantee this is in the state X Corp created it in and not Haiku, Inc tested this and verified that it both comes from X Corp and is virus-free. The first is good, the second is paranoia IMO. Actually, that's exactly what I said. I proposed to not sign it by Haiku, Ingo proposed to be able to sign keys with other keys, e.g. with a Haiku Inc. Key. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Kingdon Barrett)

Sat, 2014-04-05 04:45
On Fri, Mar 28, 2014 at 8:52 AM, Kingdon Barrett kingdon@xxxxxxxxxxxxxxxxxx wrote: This is part of Windows 8 logo support for x86/64 machines. There is no requirement to allow user keys or SB deactivation on Windows 8 ARM machines at all, and many (how many different ARM/W8 machines are there?) actually don't support it. I don't think it's a concession to their evil plans at all, when they ...
Categories: Development

[haiku-development] Re: Design for signed packages (Kingdon Barrett)

Sat, 2014-04-05 02:45
I don't really have a position on this, other than... secure boot machines I've used have done some of the weirdest things (like apparently having permanently bricked WiFi in a Yoga 2 after loading up Ubuntu Linux LiveUSB for the first time, with bricked as in bricked)... I just wanted to mention, not really an inaccuracy in context but still I think slightly incomplete information: On Thu, Mar 27, 2014 at 4:50 PM, Jonathan Schleifer js-haiku-development@xxxxxxxxxxx wrote: ...
Categories: Development

[haiku-development] Re: Design for signed packages (Fredrik Holmqvist)

Fri, 2014-04-04 22:45
2014-03-28 10:42 GMT+01:00 Stephan Aßmus superstippi@xxxxxx: I think it is right on topic. A lot of the arguments from Jonathan seemed to be based on the thinking that these guarantees are actually possible to make. It probably deserves its own discussion, security and Haiku seems to be very much 'up in the air' at the moment. We probably should have a grand plan on what we want to achieve in that regard. Kind of wish there was a BeGeistert to talk about this in detail. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Stephan Aßmus)

Fri, 2014-04-04 18:45
Am 28.03.2014 10:23, schrieb Fredrik Holmqvist: 2014-03-28 4:00 GMT+01:00 waddlesplash ajcsweb@xxxxxxxxx: Let me be frank here: I am not opposed to signed packages. I am opposed to too much paranoia. Simple signed packages, as in I guarantee this is in the state X Corp created it in and not Haiku, Inc tested this and verified that it both comes from X Corp and is virus-free. The first is good, the second is paranoia IMO. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Fredrik Holmqvist)

Fri, 2014-04-04 18:45
2014-03-28 4:00 GMT+01:00 waddlesplash ajcsweb@xxxxxxxxx: Let me be frank here: I am not opposed to signed packages. I am opposed to too much paranoia. Simple signed packages, as in I guarantee this is in the state X Corp created it in and not Haiku, Inc tested this and verified that it both comes from X Corp and is virus-free. The first is good, the second is paranoia IMO. I'm not sure if this is really helpful or leading the discussion forward. At some point we need to discuss what should be signed and what guarantees we make, but this thread is about the design of a ...
Categories: Development

[haiku-development] Re: Design for signed packages (waddlesplash)

Fri, 2014-04-04 12:45
Let me be frank here: *I am not opposed to signed packages. I am opposed to too much paranoia.* Simple signed packages, as in I guarantee this is in the state X Corp created it in and not Haiku, Inc tested this and verified that it both comes from X Corp and is virus-free. The first is good, the second is paranoia IMO. You can buy Windows signing keys and sign viruses -- until someone catches you at it, that is. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Fri, 2014-04-04 02:45
Am 28.03.2014 um 02:12 schrieb François Revol revol@xxxxxxx: That's news to me, last I heard SecureBoot was mandatory on ARM... They had it mandatory on both, but changed the requirements for x86. I don't think ARM is relevant anyway, as there's almost nothing running Windows RT, and only those systems would be affected. It's also not different to other systems where the bootloader is locked, which is the even the case for most Android devices. ...
Categories: Development

[haiku-development] Re: Design for signed packages (François Revol)

Fri, 2014-04-04 02:45
On 27/03/2014 21:50, Jonathan Schleifer wrote: Am 27.03.2014 um 15:44 schrieb François Revol revol@xxxxxxx: I didn't follow the discussion, but as for me, apart from the SecureBoot crap which as I said is more an instrument of control from Microsoft (actually if you really want to trust the firmware, it must also be free software like Coreboot, not a blackbox), I'm interested in making NSA's job harder just because their job is in most cases illegal (and with the complicity of my own government it seems), and I believe we have the right to privacy and we must defend it. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Fredrik Holmqvist)

Fri, 2014-04-04 02:45
2014-03-27 21:43 GMT+01:00 Jonathan Schleifer js-haiku-development@xxxxxxxxxxx: Am 27.03.2014 um 15:39 schrieb Fredrik Holmqvist fredrik.holmqvist@xxxxxxxxx: There's not much point in just starting something like that. If you don't talk about it before, it might never get merged and you just wasted your time. If you don't talk about it, there might also be a fundamental flaw - and you wasted your time. Yes, but it has already been discussed and I think commit messages and ...
Categories: Development

[haiku-development] Re: Switching back form yasm to nasm (Ingo Weinhold)

Thu, 2014-04-03 20:45
On 26.03.2014 21:05, Jonathan Schleifer wrote: I know that nasm was replaced with yasm some time ago because yasm supported newer instructions, but these days, the situation reversed: Now nasm supports newer instructions. Therefore, I'd like to switch back from yasm to nasm as it provides newer instructions and also offers a disassembler, ndisasm. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-04-03 18:45
Am 27.03.2014 um 15:44 schrieb François Revol revol@xxxxxxx: I didn't follow the discussion, but as for me, apart from the SecureBoot crap which as I said is more an instrument of control from Microsoft (actually if you really want to trust the firmware, it must also be free software like Coreboot, not a blackbox), I'm interested in making NSA's job harder just because their job is in most cases illegal (and with the complicity of my own government it seems), and I believe we have the right to privacy and we must defend it. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-04-03 18:45
Am 27.03.2014 um 15:39 schrieb Fredrik Holmqvist fredrik.holmqvist@xxxxxxxxx: If you are still interested I recommend start coding and take the technical discussion directly with the few who have shown interest and knowledge in this, and skip this mailing-list. There's not much point in just starting something like that. If you don't talk about it before, it might never get merged and you just wasted your time. If you don't talk about it, there might also be a fundamental flaw - and you wasted your time. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-04-03 16:45
Am 27.03.2014 um 15:14 schrieb Stephan Aßmus superstippi@xxxxxx: Please point out in the thread where anybody said security is pointless. People don't want to live with certain restrictions. Some of which seemed to be implied by your design, like an encrypted disk. That just means that some of this stuff needs to be optional or have ways for the user to override. That's all. I never said an encrypted disk is necessary to use Haiku. I said it's necessary *if we ever decide to go the SecoreBoot route*. And not necessary as in a ...
Categories: Development

[haiku-development] Re: Design for signed packages (François Revol)

Thu, 2014-04-03 16:45
On 27/03/2014 15:11, Ari Haviv wrote: On Thu, Mar 27, 2014 at 8:28 AM, Jonathan Schleifer js-haiku-development@xxxxxxxxxxx wrote: I deleted the branch now as people are clearly offended by even only having the minimum level of security that even Windows offers since Windows XP (optionally signed executables, optionally signed drivers, signed updates) - and that was introduced 14 years ago - and prefer to repeat the security disaster of Windows 98. Users wouldn't even have noticed that packages are signed unless they installed a hpkg from a 3rd party without ...
Categories: Development