Article:  |
Why I Stopped Coding and Why I'd Start Again | |
| Subject: | security problem | |
| Date: | 2007-01-20 03:53:37 | |
| From: | tbuitenh | |
|
Response to: In the language or in the file-system?
|
||
|
I was thinking the same, and there is a filesystem that does this, see zero-install.sourceforge.net . The problem is that it can be difficult to put checksums in a path. Without checksums, a malicious developer might replace a library developed by him by something else, and the system won't notice. Sticking PGP signatures to everything, like zeroinstall does, doesn't help, because you want the developer who typed the "include" to do the signing or checksum, not the one who wrote the library.
|
||
Women in Technology
Hear us Roar
