Mastodawn

Misty Aug 8, 2024

Apple. Apple please. You can't use the same short flag for two different things. Apple *please*

Show thread

Citty Aug 8, 2024

@misty "oops, you added another flag, you are now no longer verifying signatures" is a WILD failure mode

Show thread

Zimmie

@citty @misty This is codesign, a tool for generating code signatures. I don’t think any of the other options would make sense with verifying a signature.

Don’t get me wrong, this is incredibly bad design. I just doubt it could be a security hole like you would normally expect not verifying a signature to be.

Show thread

Citty Aug 8, 2024

@bob_zim @misty ah, that makes a bit more sense. Still wild but I take back the all caps

Show thread

Sophie Schmieg Aug 9, 2024

@bob_zim @citty @misty what if I want verbose information about the signature verification?

Show thread

Migrated to @[email protected] 🏳️‍🌈🎃🇧🇷Luana🇧🇷🎃🏳️‍🌈Aug 9, 2024

@misty @bob_zim @citty @sophieschmieg -v -v

Show thread

Zimmie Aug 9, 2024

@sophieschmieg @citty @misty Ask your doctor if long options are right for you!

I don’t know if the signature verification can get more verbose. I also don’t ever trust a ‘-v’ option because it means “invert” on destructive commands way too frequently:

> pkill -v firefox
What the user means: Kill all the firefox processes and list the ones you kill, like ‘rm -v’.
What the user gets: Okay! Killing everything except Firefox!

Show thread

Angry Centrist Aug 9, 2024

@sophieschmieg @bob_zim @citty @misty The simplistic thing to try is long form (--verify --verbose) to see if it makes any difference...