coapp-developers team mailing list archive
-
coapp-developers team
-
Mailing list archive
-
Message #00151
Re: Bundling x64 and x86 binaries in the same library package?
On Fri, Apr 16, 2010 at 7:08 PM, Garrett Serack <garretts@xxxxxxxxxxxxx> wrote:
> What specifically do you mean by compromised?
Suppose it contains a trojan.
> If you mean that a package is published and someone is trying to pass it off as someone else's package, well that's why we have a requirement for a publisher to digitally signing the code. If they lose control of their signing keys, we laugh and all code published with their cert after the loss of control can be killed by revoking the certificate, and/or implement a killbit system (since we can identify WinSxS libraries uniquely).
So you don't just depend on a library, you depend on a library
published by a specific publisher?
> Actually, we should probably build a killbit system regardless, as it can assist in the defective case too.
>
> And, yes WU can install drivers and code from third parties; which is why they require any binaries passing thru WU to be signed and run thru a bunch of validation tools.
But as a user on a system I can't get WU to install a binary I feed it, can I?
Olaf
References
-
Bundling x64 and x86 binaries in the same library package?
From: Garrett Serack, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Garrett Serack, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Olaf van der Spek, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: William A. Rowe Jr., 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Olaf van der Spek, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Garrett Serack, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Olaf van der Spek, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Garrett Serack, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Olaf van der Spek, 2010-04-16
-
Re: Bundling x64 and x86 binaries in the same library package?
From: Garrett Serack, 2010-04-16