undefined | Better HN

0 pointsCGamesPlay4mo ago0 comments

The linking step isn't even required. You can download any existing binary and codesign it yourself with your local developer certificate. You can even overwrite the existing signature.

I assume brew could even automate this, but are choosing not to for whatever reason.

0 comments

pbronez4mo ago

If Homebrew auto-signed third-party code, that puts them on the line for the security of that code. The whole point of MacOS developer certificates is to increase the trustworthiness of the software you run on your machine. The trust comes from the formal relationship between Apple and the software developer, which includes a traceable financial transaction. If signed software proves to be malicious, attribution is trivial.

If the homebrew team signed everything, they would immediately become a target for bad actors. The bad actors would flood homebrew with malicious binaries, which homebrew would auto-sign, users would download & run, and the bad actors would laugh all the way to the bank.

CGamesPlayOP4mo ago

Yeah, makes sense Homebrew doesn't sign everything with their own certs. I was suggesting that Homebrew could run codesign locally with the user's local certificate as part of the install process.

> The bad actors would flood homebrew with malicious binaries, which homebrew would auto-sign, users would download & run, and the bad actors would laugh all the way to the bank.

Every software distributor has this problem, code-signed or not. This is either already happening to Homebrew (and not using code signing) or there's some other reason that it isn't happening.

bloppe4mo ago

> The whole point of MacOS developer certificates is to increase the trustworthiness of the software you run on your machine.

Tim Cook is laughing all the way to the bank on that one

j / k navigate · click thread line to collapse