You're right - I guess that code-signing is only relevant to app files, since the client demands that they be signed.
Nicolás Alvarez wrote: > > But what can a project admin do to enforce there has to be a valid signature > on a certain file? If a project sends its Python scripts signed, what would > stop a hacker from simply sending a workunit that doesn't have a signature at > all in the Python script? > > I think this is relevant to any project where the input file format > is "powerful enough" to cause harm if it's maliciously created. _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
