> On Oct 26, 2015, at 10:23 AM, Ian Goldberg <iang@xxxxxxxxxxxxxxx> wrote: > > On Mon, Oct 26, 2015 at 06:06:36AM -0700, Mike Perry wrote: >> Essentially, codesign only touches executable binaries in the .app (see >> that second link for info on how the binary's segments get moved around) >> and also adds an SC_Info directory for codesign/DRM metadata. > > Wait; does that mean that things like configuration files, plugins, etc. > are *not* signed? They are signed. All resources in a bundle (e.g. an app or framework) are signed and the signatures are stored in a file named "CodeResourcesâ: https://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html#//apple_ref/doc/uid/TP40005929-CH3-SW1 Conrad
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev