> I don't know how does it work in reality but the Windows way to mark > downloaded files is actually to put a zone number into the attribute, > and > zones are that thing that theoretically distinguishes between local > sites, > internet sites, trusted sites etc.: > https://msdn.microsoft.com/en-us/library/ms537183.aspx > I'm not sure if anything really uses that. Found it. "Software Restriction Policies" can trigger off of 4 types of rules, one of which is Internet zone. https://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx Being able to have Apparmor or SELinux rules that trigger off of user.xdg.origin.url values would be nice. Would that be a way to implement the "no non-free software rule" Ian Jackson originally asked for? A security policy that only allows opening executables from "free software" sources? (I see issues with recognizing firmware though, also that goal would probably be better served by not downloading the file in the first place.) As for origin.url, we still have a lot of work just defining when the attribute should be saved, when it should stay attached to copies, and when it should be stripped. Diane
Attachment:
signature.asc
Description: This is a digitally signed message part