According to Michael Graff:
>
>How about the additional requirement that hashed binaries are
>immutable?
>

I had a look at this before my flight this morning.  It looks like it
is an easy fix - if the file has a signature and it is being opened
for write then error.  I was planning to flush the cached evaluated
signature on write anyway but preventing writes to signed files
obviates this.  An interesting side note is that if you included
non-executable files in the signature list then they would be made
immutable as well - the actual signature file would be a good start :-)

-- 
===============================================================================
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================