lunes, 21 de marzo de 2016

Security: antiX 15.1 and MX-15 Devs Now Sign their ISO Files

After the hacking of Linux Mint's site, other Linux developers have been thinking about an extra layer of security to ensure that what the end user downloads is actually what the original developers uploaded.

In the case of antiX and MX-15, this new security layer has taken the shape of signed ISO files.  This way, users can verify if their downloads are the real ones of if they have been tampered somehow.

This represents a little more complication for the end user, of course.  He or she will have to import the signature and then check that the ISO file matches that signature.  That, in turn will translate in seeing messages like:

Good signature from "aaaaaaa"
WARNING: This key is not certified with a trusted signature!
There is no indication that the signature belongs to the owner.

This will disturb some, of course. I can almost hear some people complaining that this is too complicated and that the messages are annoying or scary.  They may even argue that devs shouldn't bother users so much with their inconvenient ideas.

I guess they are the kind of people that will leave their cars open and already started, the front doors of their houses unlocked, and their children unattended because doing all that is extremely inconvenient.

Security and comfort don't seem to go side by side all the time.

1 comentario:

  1. True. I fear too many people forget that information is worth a lot of money in the information age.