> On March 25, 2014 at 9:11 AM Stephan Aßmus <superstippi@xxxxxx> wrote:
> > And I want to compile and run software without the need to obtain a
> > trusted certificate and signing it with that. Of course, all of that
> > would be optional.
> If someone can propose a system that is bullet-proof and at the same
> time practical, I am all ears...

It can be practical for non-developers, and it would only make sense in
combination with secure boot, anyway. I.e. if you enable secure boot, the
system could default to only execute trusted code.

For developers, I see two possible solutions:

1) you have to disable the execution of trusted code only entirely, or

2) there is a sandbox user that is allowed to execute untrusted code, or

3) you can allow the system to run untrusted code based on exceptions,
i.e. if the system encounters untrusted code, it would ask you for
permission to run it. It would then need to sign that executable itself,
so you would need to reacknowledge that dialog after every change 8-)

You would need 2) or 3) anyway for things like Java, interpreted languages
(also in web browsers), custom shell scripts, ...

To sum things up, you'll always have to live with some inconveniences when
trying to be more secure.

Bye,
Axel.
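The three options in the message above, modelled as a small execute-permission policy. This is an added illustration, not code from the mailing list thread or from the project discussed there; the HMAC "signatures", the key material, the file paths and the prompt callback are all constructed stand-ins (a real system would verify a certificate-backed code signature and store approvals somewhere the user cannot silently edit). It shows the point made about option 3: once the system records its own signature over an approved file, rebuilding the file invalidates the approval and the prompt comes back.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Optional

RUN, RUN_SANDBOXED, DENY = "run", "run-as-sandbox-user", "deny"


@dataclass
class Policy:
    mode: str                                   # "trusted-only", "sandbox" or "ask"
    trusted_keys: dict[str, bytes]              # signer id -> verification key (stand-in for a trusted certificate)
    machine_key: bytes                          # local secret the system uses to record its own approvals
    approvals: dict[str, bytes] = field(default_factory=dict)  # path -> system signature over approved contents


def sign(key: bytes, contents: bytes) -> bytes:
    """HMAC-SHA256 over the file's SHA-256 digest; a stand-in for a real code signature."""
    return hmac.new(key, hashlib.sha256(contents).digest(), hashlib.sha256).digest()


def has_trusted_signature(policy: Policy, contents: bytes,
                          signature: Optional[tuple[str, bytes]]) -> bool:
    """True if `signature` = (signer id, mac) verifies under one of the trusted keys."""
    if signature is None:
        return False
    signer_id, mac = signature
    key = policy.trusted_keys.get(signer_id)
    if key is None:
        return False
    return hmac.compare_digest(sign(key, contents), mac)


def decide(policy: Policy, path: str, contents: bytes,
           signature: Optional[tuple[str, bytes]] = None,
           ask_user: Callable[[str], bool] = lambda _path: False) -> str:
    """Decide how (or whether) the executable `contents` found at `path` may run."""
    if has_trusted_signature(policy, contents, signature):
        return RUN                              # trusted code always runs
    if policy.mode == "trusted-only":
        return DENY                             # secure-boot default: nothing untrusted
    if policy.mode == "sandbox":
        return RUN_SANDBOXED                    # option 2: untrusted code only as the sandbox user
    if policy.mode == "ask":                    # option 3: exceptions confirmed by the user
        expected = sign(policy.machine_key, contents)
        recorded = policy.approvals.get(path)
        # An approval is bound to the exact contents that were approved, so any rebuild invalidates it.
        if recorded is not None and hmac.compare_digest(recorded, expected):
            return RUN
        if ask_user(path):
            policy.approvals[path] = expected   # the system "signs" the executable itself
            return RUN
        return DENY
    raise ValueError(f"unknown mode {policy.mode!r}")


def demo() -> tuple[list[str], int]:
    """Developer workflow in 'ask' mode: returns the decisions and how often the user was prompted."""
    vendor_key = b"constructed-vendor-key"
    policy = Policy(mode="ask", trusted_keys={"vendor": vendor_key},
                    machine_key=b"constructed-machine-key")
    prompts: list[str] = []

    def approve(path: str) -> bool:
        prompts.append(path)
        return True

    vendor_bin = b"\x7fELF constructed vendor-signed binary"
    mybin_v1 = b"#!/bin/sh\necho build 1\n"     # constructed: the developer's own program
    mybin_v2 = b"#!/bin/sh\necho build 2\n"     # constructed: the same program after a rebuild
    results = [
        decide(policy, "/bin/vendor-tool", vendor_bin, ("vendor", sign(vendor_key, vendor_bin))),
        decide(policy, "/home/dev/mybin", mybin_v1, ask_user=approve),   # first run: prompted
        decide(policy, "/home/dev/mybin", mybin_v1, ask_user=approve),   # unchanged: no prompt
        decide(policy, "/home/dev/mybin", mybin_v2, ask_user=approve),   # rebuilt: prompted again
    ]
    return results, len(prompts)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives four `run` decisions but only two prompts: the vendor binary verifies against the trusted key, the developer's build is approved once and then runs silently, and the rebuilt file no longer matches the recorded approval, so the dialog returns, which is exactly the inconvenience the message anticipates.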