.desktop crypto signatures

[Joe Baker]

What if we had an internal field called xdgsignature = which would be a
cryptographic signature from the os that the user had given authority to
make the .desktop file usable..

You would create the whole .desktop file without the xdgsignature =
entry, then hash it , sign it with either with a system root key or a
user key then add the resulting fingerprint.  This would also close a
loophole where mischievous programs might try to tamper with existing
.desktop files which already have proper permissions.

-Joe Baker