On 7/17/08 4:59 PM, "Damien Sorresso" <email@hidden> wrote:
> I'm not trying to say that this issue doesn't exist or that it's not a
> problem. I just think you're looking for a solution in the wrong
> place. A more appropriate solution may be having LaunchServices check
> for updates on behalf of each application that opts in before
> exec(2)ing it. The developer could specify keys and comparisons to
> make (such as "Update if the 'HasVulnerabilities' key from the server
> is TRUE") in a property list somewhere. It could be as flexible or
> rigid as needed.
This sounds like it would work. I would want the flexibility s.t. an
administrator (or a user) could say that they were only willing to run
applications that have a update-info or vulnerability-info location in its
plist AND that it's signed AND the signature is valid AND (the
vulnerability-info is unavailable, e.g., to network outage OR the
vulnerability-info, potentially cached at some interval, much like OCSP
does, I believe, shows no vulnerabilities).
> In any case, if you like that idea, I'd file a Radar. If you do,
> please post the number. :)
Wilco.
--
Nathan Herring
com.microsoft.devdiv.clr.os/development
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
