On Thu, Oct 23, 2014 at 4:02 PM, Andrew Deason <adea...@sinenomine.net> wrote:

....

> For all of these situations where the Foundation would provide the
> ability to sign binaries, there are those legal considerations, then,
> but also other things. The Foundation needs to have a point of contact
> for any of these, and needs to go through the process of signing up for
> the relevant service and buying the relevant certificates/keys, etc. We
> also need to have a place or person(s) to store the secret keys; if
> they're not stored securely, they obviously do no good. It also needs to
> be clear how they will get used to sign the binary releases (who gets
> access to the keys for signing).
And this is one place things can get "interesting". Let us imagine someone is evil, and their intent is to crack into a major corporation that uses OpenAFS. One might target obtaining that kext signing certificate, because that key can be used to bypass all of the protections that Mac OS X provides. It is a "key to the kingdom".

Now, if that major corporation gets cracked via a kext that was signed using the OpenAFS certificate, and all their secrets get stolen, they *may* decide to go after those that allowed it to happen. That might be the OpenAFS foundation. And their board members, and whomever signed the kext. And perhaps more (remember, you are looking for the "deep pockets" for collection, or at least to show that you took the crack seriously and are going all out to recoup your losses).

If the OpenAFS foundation cannot show that they had strong processes in place to protect that certificate and use it only in an appropriate and approved manner, then, since this is likely going to be considered a "foreseeable event", their legal team would possibly be at a disadvantage.

And that is why a foundation is likely to need (at least) Professional Liability Insurance, Directors and Officers Insurance, and Product Liability Insurance (as I believe Jeff mentioned). And the costs for those are going to depend on what liabilities one is accepting, and what processes one can show are used to limit disclosure of any such certificate. It might even require the foundation to run their own signing infrastructure (as many large organizations do). All of which likely requires legal and auditor review. Welcome to some of the true costs of operating a non-profit in a litigious society.

Sure, that scenario might not happen. One might even argue that it is unlikely (and it probably is). But then again, would you want to be the board member individually sued if it does, and the foundation does not provide adequate D&O insurance?
And that does not even get into an alternative possibility that some future (well meaning, good intentioned) change breaks in Mac OS X, and someone decides to sue the foundation for losses (in most jurisdictions, the cost to file is low; some people do it just for sport. Defending is never as cheap as the filing).

Again, seek actual legal advice. Nothing said on this list is (necessarily) valid for your specific situation. Especially nothing I am saying.

The board will need to accept some risks for the foundation. Signing kexts may be one of them. Or, perhaps, it is a risk too far at this time. Your lawyer can assist you in navigating this process. Choose well.

Gary

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info