Valdis.Kletnieks@vt.edu wrote:
I wouldn't recommend trying to expand it to "prohibit making and selling computers that are insecure", since no computer is 100% secure, and there's no objective "secure enough" standard - closest you will get there is probably Dell's offer to ship machines pre-hardened to Center for Internet Security guidelines.
It would help if systems would only execute code that is signed properly. This would make malware traceable. However the current way of getting your code signed is in many cases too costly for the casual open source developer so people are used to running unsigned or selfsigned application even when the facilities to check signatures would already exist in the system. (though for example in Windows, signatures are only checked at install, not runtime) Pete