.desktop crypto signatures

Joe Baker joebaker at dcresearch.com
Tue Mar 28 19:31:15 EEST 2006

What if we had an internal field called xdgsignature = which would be a
cryptographic signature from the os that the user had given authority to
make the .desktop file usable..

You would create the whole .desktop file without the xdgsignature =
entry, then hash it , sign it with either with a system root key or a
user key then add the resulting fingerprint.  This would also close a
loophole where mischievous programs might try to tamper with existing
.desktop files which already have proper permissions.

-Joe Baker

More information about the xdg mailing list