.desktop crypto signatures
joebaker at dcresearch.com
Tue Mar 28 19:31:15 EEST 2006
What if we had an internal field called xdgsignature = which would be a
cryptographic signature from the os that the user had given authority to
make the .desktop file usable..
You would create the whole .desktop file without the xdgsignature =
entry, then hash it , sign it with either with a system root key or a
user key then add the resulting fingerprint. This would also close a
loophole where mischievous programs might try to tamper with existing
.desktop files which already have proper permissions.
More information about the xdg