Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
- From: Pavel Machek <pavel ucw cz>
- To: Miguel de Icaza <miguel ximian com>, Vladimir Vukicevic <vladimir ximian com>
- Cc: Tuomas Kuosmanen <tigert ximian com>, corsepiu faw uni-ulm de, nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
- Subject: Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
- Date: Sun, 27 May 2001 13:27:28 +0200
Hi!
> > The windows ILOVEYOU scenario included many many reports of
> > people receiving emails which said "do not open email called
> > iloveyou", but they did anyway because it was "from someone they
> > knew". Not being able to execute simple programs like this
> > trivially puts a barrier in place so that only people who are
> > qualified to execute said program are able to.
>
> Well, if you want total security, dont let any software ever
> downloaded from the network be executed. Turn off java, javascript
> in your browser, do not trust red carpet (after all, DNS attacks are
> possible), do not trust http://go-gnome.com, and if we are in that
> path, how can you trust all the code that is included in an open
> source operating system?
Java and javascript *should* run sandboxed, modulo browser bugs.
If red carpet does not check authenticity using private/public keys;
well, there's bug in red carpet to fix.
The difference between installer and application being installed is
that _installer is likely to mess your system by mistake_. If
application messes your system, it is because it is evil; but it is
hard to create installer that will not mess system. Also installer is
ran as root; while app is running as guest.
Pavel
--
I'm pavel ucw cz "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss linmodems org
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]