
If there isn't a reasonable timeout set, that does sound like a bug. More than 2 seconds sounds pretty unreasonable to me (possibly should be even less), for a service that is willing to no-op give up when there is no network. Someone would have to do some reverse engineering/debugging maybe by observing/manipulating network traffic to be sure what is going on there, unless Apple wants to tell us but I suspect the suspicious wouldn't believe them.

Missing or too-high timeout should be fixed, but I don't think that'd be enough to satisfy critics in this thread? Would it you?

[Not setting a timeout on a network request is a common bug in, say, web development. It does make me lose some confidence in Apple's technical abilities if they make that bug in a place with such high consequences. But that's different than ill-intent or a privacy violation]

People seem to object to the basic idea of OCSP, which I think means objecting to the basic idea of app signing.

App signing seems reasonable to me (although it is important to me there be a way for users to choose to launch un-signed apps; there still is in MacOS). And OCSP seems an important part of an app signing implementation. Improvements to the particular OCSP implementation for both privacy and performance may be advisable though.



>People seem to object to the basic idea of OCSP, which I think means objecting to the basic idea of app signing.

I am. It's one of the reasons I ditched OS X when 10.7 came out despite using Mac OS since 7.6. It's nobody else's business what I run on my machine.


> Missing or too-high timeout should be fixed, but I don't think that'd be enough to satisfy critics in this thread? Would it you?

A fix in /etc/hosts is all I needed, but if there was a timeout of 2 seconds I wouldn't even notice the problem -> so I wouldn't block notarization.



