...[asking for an auto-update]...
I would be extremely wary of this as accepting code written by someone else to automatically run on your machine is bad. ...
Why?
I wouldn't say "bad".
I'd say "you need to know what you are doing".
...
If they do not have the expertise, they will hear of it soon enough when others scan the offered code. ...
Perhaps there should be a mechanism whereby code offered would be signed by various parties. When sufficient signatures have collected, auto-update can proceed.
Yes, no, maybe?
No. Bypassing anecdotes about personal experiences with some .au cpunks, why should I trust *anyone* to certify that code is auto runnable on my machine? In secure or commercial networks, the onus is on making sure holes are not opened up in the defences. To me, having all these crypto links, digital envelopes, crypto filesystems, etc all mean zero if you start offering to run code blindly from anyone.
Next.
Mark
mark@lochard.com.au
The above opinions are rumoured to be mine.