Linked by Thomas Leonard on Tue 16th Jan 2007 00:32 UTC

Thread beginning with comment 203771
RE[8]: Great article, but...
by Moochman on Sat 20th Jan 2007 17:10
in reply to "RE[7]: Great article, but..."
you say the "privileged helper" is supposed to prevent unsafe items from being in there in the first place.
No, I said that things can only have their real name. 'unsafe' is a subjective term; you can't expect the computer to enforce the rule "No unsafe software to be installed in this directory". Different users might even disagree on whether something is unsafe.
If the shared folder isn't secure, what's to prevent malware from just being copied in there, in a folder named after a hash that was generated using the same public algorithm you make available to all software publishers?
OK, take ROX-Filer version 2.5 (Linux x86 binary) for example. It has this hash (and, therefore, directory name):
sha1=d22a35871bad157e32aa169e3f4feaa8d902fdf2
You're quite free to change it in some way and add your malicious version to the shared directory too. BUT, changing it will change the hash so your evil version might be called:
sha1=94fd763dfe509277763df47c53c38fc52866eaf4
You can't make your version appear under the original's name, because the name depends on its contents.
And I still can't think of a reason that any system would require the hash to be stored in the directory name.
It depends what you want it for. I think you are thinking about this scenario:
"Alice is bored. She wants to run something, so she has a look in the shared directory to see what other users have been running. Noticing a directory called 'gimp-2.4', she decides to run it, first checking at gimp.org that its hash matches the one on the web-site."
That works fine with the hash inside the directory, but it's not the case Zero Install is aimed at. Here's our target scenario:
"Alice needs to edit some photos. She goes to gimp.org and asks to run Gimp 2.4. She (her software) looks for an existing directory with the same hash and finds the copy Bob installed earlier."
Notice that the question we're trying to answer isn't "does this directory have hash XXX?", but "where is the directory with hash XXX?"
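
Added example (not part of the original comment, and not Zero Install's own code): a Python sketch of a shared store where a directory's name is derived from its contents and lookup goes by hash. The manifest format, the function names, the sample file and the re-check on lookup are assumptions made for illustration.

```python
import hashlib, os, shutil, tempfile

def tree_digest(root):
    """Name for a directory: SHA-1 over a simplified manifest of its files."""
    lines = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # fixed traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                raise ValueError("symlinks not handled in this sketch: " + path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                content = hashlib.sha1(f.read()).hexdigest()
            kind = "X" if os.stat(path).st_mode & 0o111 else "F"
            lines.append(f"{kind} {content} {rel}\n")
    return "sha1=" + hashlib.sha1("".join(lines).encode()).hexdigest()

def add_to_store(store, src):
    """Model of the privileged helper: the caller never chooses the name."""
    name = tree_digest(src)
    dest = os.path.join(store, name)
    if not os.path.exists(dest):
        shutil.copytree(src, dest)
    return name

def find_in_store(store, wanted):
    """'Where is the directory with hash XXX?' Re-checks contents before use."""
    path = os.path.join(store, wanted)
    if os.path.isdir(path) and tree_digest(path) == wanted:
        return path
    return None

def demo():
    work = tempfile.mkdtemp()
    store = os.path.join(work, "store"); os.mkdir(store)
    good = os.path.join(work, "good"); os.mkdir(good)
    with open(os.path.join(good, "AppRun"), "w") as f:   # constructed sample file
        f.write("#!/bin/sh\necho original\n")
    evil = os.path.join(work, "evil"); shutil.copytree(good, evil)
    with open(os.path.join(evil, "AppRun"), "a") as f:   # modified copy
        f.write("echo modified\n")
    good_name, evil_name = add_to_store(store, good), add_to_store(store, evil)
    found = find_in_store(store, good_name)
    shutil.rmtree(work)
    return good_name != evil_name, found is not None

if __name__ == "__main__":
    print(demo())
```

The modified copy is stored, but under a different name, so a lookup for the original's hash still resolves only to the original contents.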