[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Automatic downloading of non-free software by stuff in main

> I don't know how does it work in reality but the Windows way to mark
> downloaded files is actually to put a zone number into the attribute,
> and
> zones are that thing that theoretically distinguishes between local
> sites,
> internet sites, trusted sites etc.:
> https://msdn.microsoft.com/en-us/library/ms537183.aspx
> I'm not sure if anything really uses that.

Found it.

"Software Restriction Policies" can trigger off of 4 types of rules,
one of which is Internet zone.


Being able to have Apparmor or SELinux rules that trigger off of 
user.xdg.origin.url values would be nice.

Would that be a way to implement the "no non-free software rule" Ian
Jackson originally asked for? A security policy that only allows
opening executables from "free software" sources? (I see issues with
recognizing firmware though, also that goal would probably be better
served by not downloading the file in the first place.)

As for origin.url, we still have a lot of work just defining when the
attribute should be saved, when it should stay attached to copies, and
when it should be stripped.


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: