[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6540 [Tor bundles/installation]: Support Mountain Lion Gatekeeper



#6540: Support Mountain Lion Gatekeeper
------------------------------------------+---------------------
     Reporter:  jroith                    |      Owner:  erinn
         Type:  enhancement               |     Status:  new
     Priority:  major                     |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  tbb-3.0
Actual Points:                            |  Parent ID:
       Points:                            |
------------------------------------------+---------------------
Changes (by tom):

 * cc: tom@â (added)


Comment:

 I'd like to add a user experience story:

  I was at a user training, and while we did not cover Tor, it naturally
 came up.  He came up to me afterwards:

  The guy used a Mac, and was not super technically inclined, but knew his
 way around a few things. He successfully downloaded Tor Browser Bundle and
 added it to his dock.

  But when he ran it, he got the warning "This app is signed by an unknown
 developer".  He did not know what it meant, or how to disable it. As it
 was a security feature, he did not want to.  He assumed TBB would not work
 for him.

  I disabled it for him (telling him I would re-enable it when we were
 done), and ran TBB.

 TBB really should be signed.  Legally, Apple's being a giant dick, but I
 think Tor should look hard at this again and either carefully document
 what is objectionable and close this as WONTFIX or execute on it.

 Looking at the above comments, it seems that someone from Tor would need
 to agree, on behalf of Tor, to the Registered Apple Developer Agreement
 and the Mac Developer Program License Agreement.  Note that these
 agreements are separate from the problem of distributing TBB via the App
 Store, where there's some conflict between GPL code and the App Store.

 I read the new Mac Developer Program License Agreement:
 https://developer.apple.com/programs/terms/mac/mac_program_agreement_20140602.pdf
 .  I did not see anything that immediately seemed concerning. Section 2 is
 about not stealing or pirating Apple software, Section 3 is about not
 lying to them, not and (irrelevant) restrictions about the App Store.
 Section 4 is the standard we can update this at any time, Section 5 about
 protecting your cert, using the cert only for legal purposes. Section 6&7
 about the App Store (irrelevant). 8 about Revocation, and the standard
 terms where they might revoke at their whim.  9 about fees, 10 about pre-
 release beta product they make available to you, 11 about indemnification
 for apple, 12 about term length and termination, 13 is no warranty, 14 is
 limitation of liability, 15 about general legal stuff: privacy policy,
 assignment, etc.

 The other agreement is
 https://developer.apple.com/programs/terms/registered_apple_developer_20100301.pdf
 (there might be a newer one?) which I only skimmed, but seemed more about
 protecting apple's beta releases they make available through the beta
 program part of being a registered developer.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6540#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs