Francois Gouget wrote:
Well, in my proposal, only untrusted files need the untrusted EA bit
set. So backward compatibility is not broken.
Right, I'm just exploring ways to achieve that without requiring EAs.
Surely, requiring that web browsers and email tools make all the files
they save executable cannot be good for security...
Only .desktop files, and right now +x on such a file is meaningless anyway.
Which is kind of the opposite of its normal meaning which can be taken
to be 'I trust this file enough that I am willing to execute it'.
Yes, it's unintuitive to reverse the meaning like that, but it does have
the advantage of not requiring EAs (which don't travel through standard
tarballs, network filing systems) and not breaking backwards compatibility.
_______________________________________________
xdg mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/xdg
