Benedikt Meurer wrote: >I'd propose to optionally include a digital signature for the Exec field >(i.e. add an ExecSignature field to the spec) and let the file manager >ask the user whether he/she trusts the signee or popup a warning if no >signature is present. Distributions should then ship with a good default >set of trusted certificates (i.e. for Gnome, KDE, Xfce, etc.), so users >shouldn't see the warning unless they're trying to execute a >virus.desktop or a .desktop file whose signee is not yet in the trustdb.
[I'm not trying to shoot your idea down; I'm just raising some discussion
points]
How would this work for user-created files? Should the desktop
automatically sign the files? Should we require each and every user to
have a GPG key?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
pgpglxwNivfhC.pgp
Description: PGP signature
_______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
