> I disagree. When there are patches that slow execution down up to 30%, > I want to be able to mark a binary as "trusted" so that I can run it
It's not a binary that is trusted - it's a binary in a given use case. You could easily have the same binary being run in two situations on the same box at the same time and run just one of them 'trusted'.
