[Juan]
2. Wine doesn't actually verify that the signature in the file matches the file being checked. Any valid certificate could be put into a file, and Wine would accept it.
I don't consider this a serious security flaw
I assume you don't ship signed software. If you did, you might see things differently. Unless I've misunderstood, you've made this possible: 1. I release my software with my digital signature attached 2. A malware author downloads my software, extracts my certificate, and applies it to his malware 3. His software infects a user's machine and damages it. The user discovers the infection, looks at the signature, **Wine says that the certificate is valid**, and the user blames me. Please, either tell me I'm wrong, or make Wine honest about what it's telling the user. -- Richie Hindle (rjh(a)cyberscience.com) Senior Software Engineer, Cyberscience Corporation http://www.cyberscience.com/ Cyberscience User Forum 2008 Two full days of presentations and workshops to help you get more from Cyberquery September 17-18 | Denver, Colorado | Denver Marriott Tech Center Register at: http://www.cyberscience.com/forum-conference.html Make your voice heard; complete the BI Survey 8 by Forum 2008 keynote speaker Nigel Pendse: http://www.intelligence-partners.com/