On Sat, Jan 10, 2009 at 02:03:00AM -0500, Thor Lancelot Simon wrote:
> Code signing requires both the definition of a means for associating
> signatures with code (easy, if you're willing to use separate files,
> at which point you basically just have veriexec; hard, otherwise) and
> the definition of sensible policies for making and using code
> signatures in the base system.
>
> If we had any of those things, we would already have everything we
> needed in the base system by way of nbsvtool.
FYI, the Solaris approach to signed ELF binaries:
http://blogs.sun.com/darren/entry/signed_solaris_10_binaries
--
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org> --
Attachment:
pgpAlwrz5EmJP.pgp
Description: PGP signature