On Sun, 31 Oct 2010 14:24:59 BST, Christian Sciberras said: > In my opinion, all in all, you're creating a yet another overly complex > system with as yet more possible flaws. > Don't forget tat each new line of code is a potential attack vector which > affects any system.
Amen to that. A more subtle issue is the tradeoff issue: Any time they have a code engineer spending time building and feeding that code-signing infrastructure is time that code engineer *isn't* spending writing actual new features the users *want*. Which user-requested feature are you going to heave over the side in order to do code-signing instead? That question has to enter into the calculus as well.
pgp8DYqFT5Rbt.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
