On Mon, 2006-04-03 at 19:03 +0200, Thiago Macieira wrote: > Benedikt Meurer wrote: > >I'd propose to optionally include a digital signature for the Exec field > >(i.e. add an ExecSignature field to the spec) and let the file manager > >ask the user whether he/she trusts the signee or popup a warning if no > >signature is present. Distributions should then ship with a good default > >set of trusted certificates (i.e. for Gnome, KDE, Xfce, etc.), so users > >shouldn't see the warning unless they're trying to execute a > >virus.desktop or a .desktop file whose signee is not yet in the trustdb. > > [I'm not trying to shoot your idea down; I'm just raising some discussion > points] > > How would this work for user-created files? Should the desktop > automatically sign the files? Should we require each and every user to > have a GPG key?
Shoulud it be GPG? What about S/MIME? Do we really need a signature and yet another dialog to pop up and annoy the user? Shouldn't we only pop up things like this when we /know/ there is an issue? -- dobey _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
