
coapp-developers team mailing list archive

Re: Bundling x64 and x86 binaries in the same library package?


What specifically do you mean by compromised?

If you mean defective, well, that is a small potential problem. It is in any system.

If you mean that a package is published and someone is trying to pass it off as someone else's package, well, that's why we have a requirement for a publisher to digitally sign the code.  If they lose control of their signing keys, we laugh, and all code published with their cert after the loss of control can be killed by revoking the certificate, and/or by implementing a killbit system (since we can identify WinSxS libraries uniquely). 

Actually, we should probably build a killbit system regardless, as it can assist in the defective case too.

And, yes, WU can install drivers and code from third parties; which is why they require any binaries passing thru WU to be signed and run thru a bunch of validation tools.



Garrett Serack | Open Source Software Developer | Microsoft Corporation 
I don't make the software you use; I make the software you use better on Windows.


-----Original Message-----
From: Olaf van der Spek [mailto:olafvdspek@xxxxxxxxx] 
Sent: Friday, April 16, 2010 9:53 AM
To: Garrett Serack
Cc: coapp-developers@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Coapp-developers] Bundling x64 and x86 binaries in the same library package?

On Fri, Apr 16, 2010 at 6:48 PM, Garrett Serack <garretts@xxxxxxxxxxxxx> wrote:
> And really, that's how Windows Update works anyway... we might as well learn from that.

WU doesn't install code published by third-parties, does it?

> Without that, we'd be forced to Admin-only installs of shared libraries, since there is no way to handle WinSxS without it.
>
> The install client will be doing package verification before it installs it, and it can limit its admin-level install to shared libraries (the only thing that needs it).

What if such a library is compromised? Won't it affect other users on the system?

Olaf
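The signing, certificate-revocation and killbit checks Garrett describes, as an added example (not CoApp code, and not a description of what the CoApp client actually does): a Python model of the install decision. The publisher records, the key-loss date, the killbit entry and the sample packages are all constructed here for illustration. Cryptographic verification of the Authenticode signature is assumed to have been done already (on Windows that is WinVerifyTrust, or Get-AuthenticodeSignature in PowerShell); the model only encodes what to do with that result, and it keys the killbit on the full WinSxS assembly identity so that the x86 and x64 builds of one version can be killed independently.

```python
"""Model of the signing / revocation / killbit policy from the thread.

Constructed, hypothetical example: it does not verify Authenticode
signatures, it only encodes the decision logic that follows from the
verification result.  Identities use the WinSxS assembly-identity shape
(name, version, processorArchitecture, publicKeyToken), which is what
makes a killbit unambiguous.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class AssemblyIdentity:
    name: str
    version: str
    arch: str               # "x86" or "amd64"
    public_key_token: str   # 8-byte token, hex


@dataclass
class SignedPackage:
    identity: AssemblyIdentity
    publisher: str                        # thumbprint of the signing cert
    signature_valid: bool                 # cryptographic check, assumed done by the client
    countersigned_at: Optional[datetime]  # trusted (TSA) timestamp, None if absent


@dataclass
class PublisherStatus:
    revoked_from: Optional[datetime]      # revocation effective date, None = in good standing


# --- constructed sample data (hypothetical publishers and dates) -------------
KEY_LOSS = datetime(2010, 4, 1, tzinfo=timezone.utc)   # when publisher AA11 lost its key

PUBLISHERS: Dict[str, PublisherStatus] = {
    "AA11": PublisherStatus(revoked_from=KEY_LOSS),    # revoked as of the key loss
    "BB22": PublisherStatus(revoked_from=None),
}

# one known-defective build, identified exactly (name, version, arch, token)
KILLBITS: Set[AssemblyIdentity] = {
    AssemblyIdentity("zlib", "1.2.3.0", "x86", "1a2b3c4d5e6f7a8b"),
}


def evaluate(pkg: SignedPackage,
             publishers: Dict[str, PublisherStatus] = PUBLISHERS,
             killbits: Set[AssemblyIdentity] = KILLBITS) -> Tuple[bool, str]:
    """Decide whether the client may install pkg; returns (allowed, reason)."""
    if not pkg.signature_valid:
        return False, "signature does not verify"
    status = publishers.get(pkg.publisher)
    if status is None:
        return False, "unknown publisher certificate"
    if status.revoked_from is not None:
        # Only a trusted countersignature proves the package predates the
        # key loss; an untimestamped signature could have been made any time.
        if pkg.countersigned_at is None or pkg.countersigned_at >= status.revoked_from:
            return False, "signed with revoked certificate"
    if pkg.identity in killbits:
        return False, "identity is killbitted"
    return True, "ok"


def _ts(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


ZLIB_OK = AssemblyIdentity("zlib", "1.2.5.0", "amd64", "1a2b3c4d5e6f7a8b")
ZLIB_BAD = AssemblyIdentity("zlib", "1.2.3.0", "x86", "1a2b3c4d5e6f7a8b")

SAMPLES: Dict[str, SignedPackage] = {
    "before_key_loss": SignedPackage(ZLIB_OK, "AA11", True, _ts(2010, 3, 1)),
    "after_key_loss":  SignedPackage(ZLIB_OK, "AA11", True, _ts(2010, 4, 10)),
    "no_timestamp":    SignedPackage(ZLIB_OK, "AA11", True, None),
    "good_publisher":  SignedPackage(ZLIB_OK, "BB22", True, _ts(2010, 4, 10)),
    "killbitted":      SignedPackage(ZLIB_BAD, "BB22", True, _ts(2010, 4, 10)),
    "bad_signature":   SignedPackage(ZLIB_OK, "BB22", False, _ts(2010, 4, 10)),
}


def run_samples() -> Dict[str, Tuple[bool, str]]:
    """Evaluate every constructed sample package."""
    return {label: evaluate(pkg) for label, pkg in SAMPLES.items()}


if __name__ == "__main__":
    for label, (allowed, reason) in run_samples().items():
        print(f"{label:16} {'install' if allowed else 'REJECT':8} {reason}")
```

Two practical points the model makes visible. First, revocation only separates "before" from "after" if packages carry a trusted countersignature and the revocation date is set to the estimated time of key loss rather than the day it was noticed; everything unsigned-by-a-TSA from a revoked publisher has to be treated as post-loss. Second, because the killbit is keyed on the complete assembly identity including processorArchitecture, a defective x86 build can be killed without touching the x64 build of the same version, which is the property the thread's subject line depends on.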

