vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0

Code Signing on macOS #436

Closed ELLIOTTCABLE closed 3 years ago

ELLIOTTCABLE commented 3 years ago

Hi. Is there any chance we could get the macOS releases code-signed? For a security-related product like this, it's super-important; even if it's cross-platform, and you don't really want to focus on macOSisms, it'd make a huge deal to all of us.

(If the Apple yearly fee is a concern, I'm happy to talk about some possible solutions to that; let me know and I'll drop some contact-info.)

vladimiry commented 3 years ago

Hi. I understand that it's annoying to get warnings on macOS & Windows systems.

It's currently possible to verify the authenticity of the shared installation packages and, more importantly, the fact that those packages have actually been assembled from the shared code, via the hash sums which get printed to the console by the CI job; see #183 for details. This has to be verified manually though, at the moment.

I will merge this issue with #219.

> If the Apple yearly fee is a concern

That would, unfortunately, be not just like a one-off money concern but also a maintenance burden increasing matter. Sort of thing that I'm not ready to be committed to at this time, as this project is not a product.

> For a security-related product like this

Not a product. Yes, there are security elements involved, but the overall focus is enhancing the user experience of using the proton service on the desktop.

ELLIOTTCABLE commented 3 years ago

So, the thing is, this isn't just about actually validating the security — although that's an important step, as well (and I do not think one that a "roll-your-own" solution like hashes in CI output really satisfies!). Instead, it's a concern of user-experience, marketing, and accessibility: security isn't valuable if it's only available to experts; security must be designed for all comers.

i.e.: No, "it's not a product" is not remotely a good enough excuse.

Anyway, that said, I understand there are fundamental theoretical differences between how you and I approach security; and that's okay — I don't mean the above as a value-judgement against you yourself; and I also certainly and intimately understand WONTFIXes and out-of-scope as a fellow maintainer of OSS. I wish you all the best even if this particular Issue won't become resolved. Fly safe! o7

vladimiry commented 3 years ago

> I do not think one that a "roll-your-own" solution like hashes in CI output really satisfies!

It has not been named as a solution, but a way, so more like a workaround since it requires manual effort.

> it's a concern of user-experience, marketing, and accessibility:

Clearly quite important things for the product.

> i.e.: No, "it's not a product" is not remotely a good enough excuse.

I didn't think I was looking for an excuse but highlighting the fact. Although I admit I might be wrongly understood sometimes since English is not my first language (yes this is an excuse this time).

> Anyway, that said, I understand there are fundamental theoretical differences between how you and I approach security; and that's okay — I don't mean the above as a value-judgement against you yourself; and I also certainly and intimately understand WONTFIXes and out-of-scope as a fellow maintainer of OSS. I wish you all the best even if this particular Issue won't become resolved. Fly safe! o7

Thanks for understanding. I would also not judge someone's security approach just by some open-source, not a product-like project as this would look like a room for a better understanding of the nature of such kinds of projects. It's a given thing, keeping publicly maintaining of which requires striking the balance between the aspects of quite different matters.

Anyway, thanks for raising the valid concern. I'm aware of it and I'm not ready to move forward with the process of resolving it.