But the quoted section above does document the discussion - I said "All executables" and you said "they are". I didn't qualify my statement as "all executables installed using RPM technologies", I said "all executables". :-)
What is an executable? Something with the X bit set? Shell scripts aren't executed, they are interpreted, yet they have the X bit set.. Likewise, I can take a binary, which is executable, and remove the X bit from it, but it is still executable, according to some definition..

I think the idea here is that the program providing protection needs to generate a list of good checksums initially, sign that list, then check against it each time - new programs are queried, the list updated, etc. The obvious problem is this: What if a program you want to use for the first time is actually "infected" (for some definition of infected)? Presumably you'll allow the program, because neither you nor your security system has any way of knowing what the "proper" checksum should be..

I kind of agree with the purists that security should be left to those who understand it, but at the same time, that removes the usefulness of a computer from those who don't understand security, and I also buy the arguments of the pragmatists that to require the end user (ignorant, or otherwise) to understand security is akin to requiring all motorists to understand how their engine works - just not practical these days - and no end user is going to want to do the equivalent of taking their car to the garage to get it serviced - i.e., getting a knowledgeable 3rd party in to continually monitor and manage their system - it'd cost too much - the 3rd party would need a huge service desk, and a tightly integrated system so that "problems" (i.e., applications requesting access to the net) could be observed and the end user request access, etc, etc, be serviced with minimal delay.. Starting to sound like a bit of a pipe dream..

I don't know what the silver bullet will be - clearly neither approach works right - Windows works and is easy, but is as insecure as, well, Windows, on the other hand, Linux can be really secure, but ends up being hard to use for the folk who don't want to know what a kernel is, etc, etc..
Phil
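
The scheme described in the message above (build a list of good checksums, sign it, check each program against it), as an added example that is not part of the original post. HMAC-SHA256 with a constructed key stands in for the signature, and the file names, function names and file contents are made up for the demonstration; the "unknown" result is the first-use case the message raises.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of the file contents; the X bit plays no part in the check."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def sign_list(baseline, key):
    """Authenticate the checksum list (HMAC stands in for a signature)."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def check(path, baseline, tag, key):
    """Return 'ok', 'modified' or 'unknown'; raise if the list was altered."""
    if not hmac.compare_digest(sign_list(baseline, key), tag):
        raise ValueError("checksum list failed verification")
    known = baseline.get(path)
    if known is None:
        return "unknown"              # first use: nothing to compare against
    return "ok" if known == file_digest(path) else "modified"

def demo():
    key = b"constructed-demo-key"     # constructed; a real key lives off-host
    with tempfile.TemporaryDirectory() as d:
        good, new = os.path.join(d, "tool"), os.path.join(d, "download")
        samples = ((good, b"#!/bin/sh\necho hi\n"), (new, b"\x7fELF-constructed"))
        for p, body in samples:       # constructed sample files
            with open(p, "wb") as f:
                f.write(body)
        baseline = {good: file_digest(good)}      # initial trusted list
        tag = sign_list(baseline, key)
        results = [check(good, baseline, tag, key), check(new, baseline, tag, key)]
        baseline[new] = file_digest(new)  # user approves: contents become "good"
        tag = sign_list(baseline, key)
        results.append(check(new, baseline, tag, key))
        with open(good, "ab") as f:               # later change to a listed file
            f.write(b"echo extra\n")
        results.append(check(good, baseline, tag, key))
        baseline[good] = file_digest(good)        # list edited, not re-signed
        try:
            check(good, baseline, tag, key)
        except ValueError:
            results.append("list-tampered")
        return results

if __name__ == "__main__":
    print(demo())
```

The third result is the gap in the scheme: once the unknown program is approved, its checksum is trusted regardless of what the file contains.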