Stephen,

I spoke up because Ben asked if my companies would be willing to sign
the OSX installers since we sign the Windows installers.  I explained
why we sign the Windows installers but not others.  I would much rather
not be signing the Windows installers but do so knowing that the OpenAFS
Foundation is not currently in a position to take over the responsibility.

The legal liability issue is a subject that I have raised since joining
the Elders.  It was one of the reasons we wanted a stand-alone
incorporated Foundation instead of an unincorporated association which
is how OpenAFS operates today.  Being able to sign binaries is also one
of the reasons that we could not make use of one of the open source
umbrella organizations since those organizations cannot isolate
liability risks between projects.

Jeffrey Altman


On 10/21/2014 12:23 PM, Stephen Joyce wrote:
> Jeffrey,
> 
> I'd like to learn more about this. However since you sell a proprietary
> fork of OpenAFS, it's difficult to discount your possible incentive to
> spread FUD regarding OpenAFS.
> 
> Therefore can you provide URIs with specific information to educate me
> (and possibly others) regarding these contractual obligations related to
> binary signing?
> 
> Thanks in advance!
> 
> Cheers,
> Stephen
> 
> On Tue, 21 Oct 2014, Jeffrey Altman wrote:
> 
>> The use of Microsoft cross-signed certificates and Apple signing
>> certificates comes with contractual obligations specifying the
>> circumstances under which signatures may be used.  A signature is not
>> simply a method of proving that code has not been altered.  A signature
>> is an indication to a customer that all of the terms of use which might
>> include design requirements, QA requirements, certification
>> requirements, licensing requirements, etc. are satisfied by the signed
>> binary.
>>
>> Using a Microsoft or Apple signing certificate is not the same as
>> signing an object with your own self-generated cert.  The certificates
>> are trusted by the kernel and do not require subsequent online
>> validation.
>>
>> Jeffrey Altman
>>
>>
>> On 10/21/2014 1:37 AM, Mattias Pantzare wrote:
>>> Why would signing of binaries imply anything more than just generating the
>>> binaries without signing? The only thing that signing anything adds is a
>>> way to prove that nothing has been altered.
>>>
>>> You are just as open for lawsuits without signing, the only difference
>>> is that you can trace the right source more easily with the signing.
>>>
>>>
>>> On Tue, Oct 21, 2014 at 1:16 AM, Jeffrey Altman
>>> <jalt...@secure-endpoints.com> wrote:
>>>
>>>     On 10/20/2014 3:40 PM, Benjamin Kaduk wrote:
>>>    >
>>>    > Some individual or organization will need to step forward to do that
>>>    > signing; I do not believe that there is an "OpenAFS" organization
>>>    > currently able or prepared to do so.  (Perhaps the Foundation could,
>>>    > but I am not sure.)
>>>
>>>     The correct entity to do so for OSX and Microsoft Windows and any other
>>>     platform for which OpenAFS.org will distribute signed binaries is the
>>>     OpenAFS Foundation.  Signing binaries implies an acceptance of liability
>>>     if those binaries were to cause harm.  The OpenAFS Foundation should not
>>>     sign binaries until it has appropriate insurance coverage in place to
>>>     protect the release team and the developers that
>>>     contribute to the release.
>>>
>>>     Your File System Inc. currently signs the Windows installers because
>>>     those packages are predominantly a product of YFSI developers and it has
>>>     the appropriate General and Errors and Omissions insurance policies in
>>>     place to cover any lawsuits that might be initiated.
>>>
>>>     Jeffrey Altman
>>>
>>>
>>>
>>
>>
