by theamk
2382 days ago
Re (1), when you say "don't allow programs that can execute arbitrary, unsigned/unverified code" -- does this mean we are blocking all scripting languages? For (2) and (3), I agree that capabilities and containers are very important, but they are not really related to code-signing -- either python is signed or not. So I don't see how code signing + python can co-exist? Once you allowed your python (ruby, perl) binary, the "binary whitelist" is pretty useless. Seems like other technologies -- like containers, sandboxes, SELinux-like labeling etc. -- are the only way to go.
|
(the signature appears as a comment block in the file in that case, and is then checked by the system for Windows built-in scripting languages)