Serious Security Concern suggested by dev team
#1
Hello,

Thank you first for all the hard work!!

Just one major comment, you write this: "Alternatively, you can go to System Preferences -> Security & Privacy -> General. From there, unlock the lock at the bottom of the window and “Allow apps downloaded from: Anywhere.” This second method is the preferred method, as you will no longer be bothered for future XBMC updates."

This is a serious security threat. It would be better if you could get XBMC signed properly, but never suggest the above, since it would open up to malware, viruses and other Trojan crap, since then anything would be allowed to run…

Cheers,
Peter
#2
Sorry, but that's a load of bull. Don't spread this FUD. OSX still asks users for permission to run new apps, users still have to specifically download the app in the first place, and Gatekeeper's more aggressive settings are just to help less technical users. That's all it does. It does not actually prevent unsigned code from running on OSX, just some of the installation methods, which can actually be bypassed in some cases. It's casual protection at best.
#3
I am just saying that there is a reason it is there, and why not just have XBMC signed??
#4
Signed by who?
If I have helped you or increased your knowledge, click the 'thumbs up' button to give thanks :) (People with less than 20 posts won't see the "thumbs up" button.)
#5
(2014-01-02, 10:20)nickr Wrote: Signed by who?

I would suggest the same guy who signed VLC.
My skins:

Amber
Quartz

#6
Who was that?
#7
We are open source; we will never sign any binaries. Live with that or don't use it.
AppleTV4/iPhone/iPod/iPad: HowTo find debug logs and everything else which the devs like so much: click here
HowTo setup NFS for Kodi: NFS (wiki)
HowTo configure avahi (zeroconf): Avahi_Zeroconf (wiki)
READ THE IOS FAQ!: iOS FAQ (wiki)
#8
(2014-01-04, 20:22)Memphiz Wrote: We are open source; we will never sign any binaries. Live with that or don't use it.

We can but we won't as anybody can have a look at source themselves?
#9
No signing, end of discussion, move along, nothing more to see here.
#10
Signing is a gateway to squeezing cash out of developers, and nothing more. It is not a serious threat in any way, shape, or form to run unsigned binaries. All it means is the developers of a signed binary have paid someone to get their binary signed. That's it. I could write malware and pay to get it signed if I wanted to.

The whole "it's a security feature!" is just what we in the industry call "security theater." It looks to the lay person like it adds security, but it really does nothing.