Adobe isn’t a os or hardware platform and Authenticode is shit (saying that as the ex PM for it) the os and boot loader code signing processes are not p12s stored in source control.
Right, but you believe build infra and package signing to be good enough today. It seems unreasonable to say it has to be more secure than that, otherwise it seems like an idealogical objection rather than a technical one (which is fine too, but you said that's not the reason).
-
-
Today bootloaders ans OS files are signed by a limited set of authorized people within the company creating the offering. Not got arbitrary third parties across the globe, those individuals identity, affiliation and entitlement must be verified; this is new.
-
That's only partially true, but even if we accept it for discussion, they still just grab those blobs from the build infra, right?
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.