Carlos E. R. wrote:
The Wednesday 2008-07-09 at 11:00 +0100, Dave Howorth wrote:
It would be more efficient to have the download program check what its downloads automatically.
Yes but then you have to know all the download mechanisms that all your users use and know that none of them are compromised. Hans' method lets you centralise the checking so you can be more sure of it.
Yes, but... I can download to any directory. I would have to activate on-scan-access on my entire /home, which is some thing I refuse to endure for the loss of perfomance it means.
I guess you have different use cases. I suspect you care about a single user who you would trust to make correct use just of certified download programs. I suspect Hans has lots of users that he doesn't really trust at all (to be good, knowledgeable and careful :) Limiting the download area is IMHO a good option to be able to enforce a security policy with only slight inconvenience for users (one extra copy operation) and no requirement for perfect behaviour from the users'. Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org