Ok, thinking about this some more, I think I'm conflating two independent things here. Whether the extended attributes and file contents are modifiable is a matter of policy rather than something that should be tied to the signature format, so I think the approach that makes sense is to make the portable signatures immutable (as previously discussed) and then allow userland to define a policy that permits modification of the protected metadata. I'll split this up and retest.

On Mon, Oct 30, 2017 at 8:36 AM, Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
> On Mon, Oct 30, 2017 at 3:31 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
>> Oh, I missed that.
>
> No problem, I've confused myself enough with this!