Thiago Macieira wrote:
>>I'd propose to optionally include a digital signature for the Exec field
>>(i.e. add an ExecSignature field to the spec) and let the file manager
>>ask the user whether he/she trusts the signee or pop up a warning if no
>>signature is present. Distributions should then ship with a good default
>>set of trusted certificates (i.e. for Gnome, KDE, Xfce, etc.), so users
>>shouldn't see the warning unless they're trying to execute a
>>virus.desktop or a .desktop file whose signee is not yet in the trustdb.
>
> [I'm not trying to shoot your idea down; I'm just raising some discussion
> points]
>
> How would this work for user-created files? Should the desktop
> automatically sign the files? Should we require each and every user to
> have a GPG key?

We could simply use the key of the user if any, and otherwise generate a
key on-the-fly for the user. Once an attacker/virus has access to the
generated key, it's already too late to think about security holes in
.desktop files, so that should work pretty well.

Benedikt
_______________________________________________
xdg mailing list
http://lists.freedesktop.org/mailman/listinfo/xdg
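
The check discussed in this thread, sketched as an added example (not code from the thread or from any desktop project). Ed25519 stands in for GPG, and the ExecSignature encoding, the TrustDB type and all function names are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// TrustDB maps a signee name to its public key (Ed25519 stands in for GPG).
type TrustDB map[string]ed25519.PublicKey

const Trusted, Unsigned, Untrusted = "trusted", "unsigned", "untrusted" // run / warn / ask

// generateKey models the key created on the fly for a user who has none.
func generateKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// signExec builds the ExecSignature value: base64 of a signature over the Exec string (assumed format).
func signExec(priv ed25519.PrivateKey, exec string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(exec)))
}

// checkDesktop classifies a .desktop file and names the signee when trusted.
func checkDesktop(content string, db TrustDB) (verdict, signee string) {
	fields := map[string]string{}
	for _, line := range strings.Split(content, "\n") {
		kv := strings.SplitN(line, "=", 2)
		// First occurrence wins, so a later group cannot override Exec.
		if _, seen := fields[strings.TrimSpace(kv[0])]; len(kv) == 2 && !seen {
			fields[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	if fields["ExecSignature"] == "" {
		return Unsigned, "" // no signature present: pop up the warning
	}
	sig, _ := base64.StdEncoding.DecodeString(fields["ExecSignature"]) // bad base64 fails Verify
	for name, pub := range db {
		if ed25519.Verify(pub, []byte(fields["Exec"]), sig) {
			return Trusted, name
		}
	}
	return Untrusted, "" // signee not in the trustdb, or Exec was altered
}

func main() {
	pub, priv := generateKey() // constructed sample key for a user-created file
	fmt.Println(checkDesktop("Exec=xterm\nExecSignature="+signExec(priv, "xterm"), TrustDB{"user": pub}))
}
```

Without the signee's public key, a modified Exec line and an unknown signee are indistinguishable, so both end in the same "ask the user" verdict.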
