Development mailing list

Syndicate content
Archive of posts for haiku-development at FreeLists
Updated: 1 hour 34 min ago

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-04-03 18:45
Am 27.03.2014 um 15:44 schrieb François Revol revol@xxxxxxx: I didn't follow the discussion, but as for me, apart from the SecureBoot crap which as I said is more an instrument of control from Microsoft (actually if you really want to trust the firmware, it must also be free software like Coreboot, not a blackbox), I'm interested in making NSA's job harder just because their job is in most cases illegal (and with the complicity of my own government it seems), and I believe we have the right to privacy and we must defend it. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-04-03 18:45
Am 27.03.2014 um 15:39 schrieb Fredrik Holmqvist fredrik.holmqvist@xxxxxxxxx: If you are still interested I recommend start coding and take the technical discussion directly with the few who have shown interest and knowledge in this, and skip this mailing-list. There's not much point in just starting something like that. If you don't talk about it before, it might never get merged and you just wasted your time. If you don't talk about it, there might also be a fundamental flaw - and you wasted your time. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-04-03 16:45
Am 27.03.2014 um 15:14 schrieb Stephan Aßmus superstippi@xxxxxx: Please point out in the thread where anybody said security is pointless. People don't want to live with certain restrictions. Some of which seemed to be implied by your design, like an encrypted disk. That just means that some of this stuff needs to be optional or have ways for the user to override. That's all. I never said an encrypted disk is necessary to use Haiku. I said it's necessary *if we ever decide to go the SecoreBoot route*. And not necessary as in a ...
Categories: Development

[haiku-development] Re: Design for signed packages (François Revol)

Thu, 2014-04-03 16:45
On 27/03/2014 15:11, Ari Haviv wrote: On Thu, Mar 27, 2014 at 8:28 AM, Jonathan Schleifer js-haiku-development@xxxxxxxxxxx wrote: I deleted the branch now as people are clearly offended by even only having the minimum level of security that even Windows offers since Windows XP (optionally signed executables, optionally signed drivers, signed updates) - and that was introduced 14 years ago - and prefer to repeat the security disaster of Windows 98. Users wouldn't even have noticed that packages are signed unless they installed a hpkg from a 3rd party without ...
Categories: Development

[haiku-development] Re: Design for signed packages (Fredrik Holmqvist)

Wed, 2014-04-02 11:45
2014-03-27 15:00 GMT+01:00 Jonathan Schleifer js-haiku-development@xxxxxxxxxxx: I didn't think that I would spend more time justifying myself why I want signed packages than actually implementing it. If I would have spent all that time that I had to justify myself, we'd already have package signing. Keep in mind that anyone registered to the mailing list can post here, so there may be mail from people who has little to say in haiku development or knowledge of the matter at hand. There are probably many devs, like myself, who think signed packages ...
Categories: Development

[haiku-development] Re: Design for signed packages (Stephan Aßmus)

Wed, 2014-04-02 09:45
Hi, Meta-discussions... Am 27.03.2014 15:00, schrieb Jonathan Schleifer: Am 27.03.2014 um 14:24 schrieb Stephan Aßmus superstippi@xxxxxx: Why do you even start a discussion when you are not prepared to ...
Categories: Development

[haiku-development] Re: Design for signed packages (Ari Haviv)

Wed, 2014-04-02 05:45
On Thu, Mar 27, 2014 at 8:28 AM, Jonathan Schleifer js-haiku-development@xxxxxxxxxxx wrote: I deleted the branch now as people are clearly offended by even only having the minimum level of security that even Windows offers since Windows XP (optionally signed executables, optionally signed drivers, signed updates) - and that was introduced 14 years ago - and prefer to repeat the security disaster of Windows 98. Users wouldn't even have noticed that packages are signed unless they installed a hpkg from a 3rd party without using a repository, but clearly, people feel offended by even the thought ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Wed, 2014-04-02 03:45
Am 27.03.2014 um 14:24 schrieb Stephan Aßmus superstippi@xxxxxx: I am sorry you are frustrated and carried through with this reaction. You had announced your intended deletion in IRC last night, and even though Axel and myself (maybe more) told you there is no general objection against anything security-related and you might read something into replies which was not intended by their authors, you decided to delete your branch anyway. The branch only had Ed25519 integrated into the Haiku source and some Ed25519 modifications, plus it needed more modifications to be usable, so it was not ...
Categories: Development

[haiku-development] Re: Design for signed packages (Stephan Aßmus)

Wed, 2014-04-02 01:45
Am 27.03.2014 13:28, schrieb Jonathan Schleifer: Am 27.03.2014 um 04:02 schrieb SMC.Collins smc.collins@xxxxxxxxxxx: +1 (this is actually the only email I really read :P) Y'all would do well to read if you haven't already. -waddlesplash ...
Categories: Development

[haiku-development] Re: Design for signed packages (SMC.Collins)

Tue, 2014-04-01 23:45
I deleted the branch now as people are clearly offended by even only having the minimum level of security that even Windows offers since Windows XP (optionally signed executables, optionally signed drivers, signed updates) - and that was introduced 14 years ago - and prefer to repeat the security disaster of Windows 98. Users wouldn't even have noticed that packages are signed unless they installed a hpkg from a 3rd party without using a repository, but clearly, people feel offended by even the thought that there is cryptography involved ...
Categories: Development

[haiku-development] Re: Design for signed packages (Fredrik Holmqvist)

Tue, 2014-04-01 21:45
2014-03-27 13:28 GMT+01:00 Jonathan Schleifer js-haiku-development@xxxxxxxxxxx: I deleted the branch now as people are clearly offended by even only having the minimum level of security that even Windows offers since Windows XP (optionally signed executables, optionally signed drivers, signed updates) - and that was introduced 14 years ago - and prefer to repeat the security disaster of Windows 98. Users wouldn't even have noticed that packages are signed unless they installed a hpkg from a 3rd party without using a repository, but clearly, people feel offended by even the thought that there is cryptography involved that makes sure that the updates you install are ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Tue, 2014-04-01 19:45
Am 27.03.2014 um 04:02 schrieb SMC.Collins smc.collins@xxxxxxxxxxx: +1 (this is actually the only email I really read :P) Y'all would do well to read if you haven't already. -waddlesplash I read that article and it rings of unix concerns, concerns mainframes at banks have. Here is what users want, a OS they can install on hardware , vm etc, and to not have to be hassled with constant certificate updates, passwords etc. ...
Categories: Development

[haiku-development] Re: Design for signed packages (SMC.Collins)

Tue, 2014-04-01 19:45
+1 (this is actually the only email I really read :P)Y'all would do well to read if you haven't already. -waddlesplash I read that article and it rings of unix concerns, concerns mainframes at banks have. Here is what users want, a OS they can install on hardware , vm etc, and to not have to be hassled with constant certificate updates, passwords etc. ...
Categories: Development

[haiku-development] Re: Design for signed packages (waddlesplash)

Tue, 2014-04-01 13:45
On 3/26/2014 4:48 PM, Urias McCullough wrote: I'm pretty sure most people are skimming this entire discussion because it's amazingly heavy on paranoia, and doesn't really focus on the most common attack scenarios at all. I know I've been mostly Mark as read on the threads personally, and I'm starting to consider some gmail filters to round-file a large part of it. ...
Categories: Development

[haiku-development] Re: hpkgs and compression (Ingo Weinhold)

Tue, 2014-04-01 09:45
On 26.03.2014 16:51, David Given wrote: On 3/25/14, 8:59 PM, Ingo Weinhold wrote: [...] Yes, the start of the data is always page-aligned. What I meant is making contained data structures 8-byte aligned, like the start of the heap, the TOC, etc. ...
Categories: Development