From: Matthew Mondor <mmondor@pulsar-zone.net>
Date: Thu, 9 Jul 2015 04:15:51 +0000 (+0000)
Subject: *** empty log message ***
X-Git-Url: http://git.pulsar-zone.net/?a=commitdiff_plain;h=2abc74e249f83ac2b55992c35c7bc9e8f13ae43f;p=mmondor.git

*** empty log message ***
---

diff --git a/netbsd/netbsd_improvements.txt b/netbsd/netbsd_improvements.txt
index bf6dc2e..08d70cc 100644
--- a/netbsd/netbsd_improvements.txt
+++ b/netbsd/netbsd_improvements.txt
@@ -18,6 +18,9 @@ Status, defined by the first column:
   VeriExec not far from that, but it's still different as it does not verify
   signatures, it instead verifies a checksum.
   The signatures should be added as a new special ELF section.
+  Ideally, writing to protected files should optionally be forbidden;
+  otherwise, their cached verified-signature status should be forgotten in
+  order for the next use to verify the signature again.
 
 - NPF
   - Lack of proper diagnostics/stats