Re: New method to load user bundles

[Jeff Teunissen]

Martin Brecher wrote:

[snip]

> Pascal Bourguignon wrote:
> |
> |
> | Yes, this is very important.  A  whole class of viruses and malware on
> | MacOS could run this way,  merey being present in some resource files,
> | because the system would open them automatically and they would shadow
> | application resources.
> |
> | You cannot let code being automatically loaded and run like that!
> |
> | If we  allow the  user to configure  such a  GSAppKitUserBundles, that
> | means that  he could download  unconspiciously some malware  doing the
> | same.  Then a suid application  should have the mean to protect itself
> | from such malware.
> |
> 
> Personally, I don't see why this defaults value gets that much security
> related attention now.

This isn't security-related attention.

Everybody knows that if you load bundles, you are giving away the keys to
the castle -- that's why you don't load them in certain apps, and would
have to be a damn fool to do so.

This takes that decision away from authors. With GSAppKitUserBundles, you
have no choice. You have no way to "secure" any application from
modification, because the user can rewrite your application. No copy
protection, because it can be bypassed with bundles. It effectively
eliminates the possibility for closed-source GNUstep desktop software to
exist.

But hey, if you want that, go ahead. I thought some of you wanted more
support, though.

[snip]

-- 
| Jeff Teunissen  -=-  Pres., Dusk To Dawn Computing  -=-  deek @ d2dc.net
| GPG: 1024D/9840105A   7102 808A 7733 C2F3 097B  161B 9222 DAB8 9840 105A
| Core developer, The QuakeForge Project        http://www.quakeforge.net/
| Specializing in Debian GNU/Linux              http://www.d2dc.net/~deek/