Kodi Community Forum

Full Version: Serious Security Concern suggested by dev team
Hello,

Thank you first for all the hard work!!

Just one major comment, you write this: "Alternatively, you can go to System Preferences -> Security & Privacy -> General. From there, unlock the lock at the bottom of the window and “Allow apps downloaded from: Anywhere.” This second method is the preferred method, as you will no longer be bothered for future XBMC updates."

This is a serious security threat. It would be better if you could get XBMC signed properly, but never suggest the above, since it would open up for Malware, Virus and other Trojan Crap, since then anything would be allowed to run…

Cheers,
Peter
Sorry, but that's a load of bull. Don't spread this FUD. OSX still asks users for permission to run new apps, users still have to specifically download the app in the first place, and Gatekeeper's more aggressive settings are just to help less technical users. That's all it does. It does not actually prevent unsigned code from running on OSX, just some of the installation methods, which can actually be bypassed in some cases. It's casual protection at best.
I am just saying that there is a reason it is there, and why not just have XBMC signed??
Signed by who?
(2014-01-02, 10:20) nickr Wrote: Signed by who?

I would suggest the same guy who signed VLC.
Who was that?
We are open source; we will never sign any binaries. Live with that or don't use it.
(2014-01-04, 20:22) Memphiz Wrote: We are open source; we will never sign any binaries. Live with that or don't use it.

We can but we won't as anybody can have a look at source themselves?
No signing, end of discussion, move along, nothing more to see here.
Signing is a gateway to squeezing cash out of developers, and nothing more. It is not a serious threat in any way, shape, or form to run unsigned binaries. All it means is the developers of a signed binary have paid someone to get their binary signed. That's it. I could write malware and pay to get it signed if I wanted to.

The whole "it's a security feature!" is just what we in the industry call "security theater." It looks to the lay person like it adds security, but it really does nothing.