Mike Hearn wrote: [...]
Here's an idea - the problem with requiring an EA or +x to be set is it breaks backwards compatibility (it'd break Crossover/Wine for one ...).
Well, in my proposal, only untrusted files need the untrusted EA bit set. So backward compatibility is not broken.
But what if the logic is inverted - so the absence of +x means a file is trusted, and web browsers or email programs set +x when they save a file to disk?
Surely, requiring that web browsers and email tools make all the files they save executable cannot be good for security...
The +x bit on a .desktop file in the users home dir is then treated as a "don't trust" marker.
Which is kind of the opposite of its normal meaning which can be taken to be 'I trust this file enough that I am willing to execute it'.
-- Francois Gouget [EMAIL PROTECTED] _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
