On Tue, 20 Mar 2012 17:40:02 +0000 Kevin Chadwick wrote:

> You're right though, there's little to
> stop another company using safeapps.net's work to get another only
> signed by author copy and sign it with supertrus...@safeapp.net.

Also, if a verifier builds the source as Debian does, then it can sign all the files inside the archive or webapp directory etc., which can't be removed. Though they could possibly get the same source. Note it lends itself to open source, but a store could also review a tool in a sandbox or blackbox test and give it a stamp or trust rating.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security