Comment by zzo38computer

2 hours ago

I think many people have had similar ideas, including my own ideas about how to design a computer and operating system that can use proxy capabilities. (There are different kinds of capability systems, and I think that proxy capabilities have more benefits than only security.)

There are still considerations when designing parts of the system to be secure while also giving them the functions that are desired (although a proxy capability system can be used to add arbitrary further restrictions if needed), but the core system can use proxy capabilities as its core security system.

Hashes would still be useful, but only if you want to check that the package is the one that you intended; a hash does not prevent you from installing or writing whatever program you want, nor does it make the program secure, which would be done by separate mechanisms. However, knowing that the package is the one that you intended can be one of the steps of security, but not the main one.

However, security is not the only issue in a computer and operating system design, although it is a significant issue.
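An added illustration of the two points above (this is example code written for this page, not code from zzo38computer or from any system the comment refers to): a hash check confirms that a package is the intended one, while proxy capabilities decide what the package may do, and a proxy can layer further restrictions (read-only, key-prefix, revocation) on top of a base capability. The `Store` class, the proxy classes and the embedded "package" source are all constructed for the example.

```python
import hashlib
from typing import Callable

# Constructed example: a minimal proxy-capability pattern plus a package hash check.


class Store:
    """Full-authority capability: anyone holding this object may read and write."""

    def __init__(self) -> None:
        self._data = {}

    def read(self, key: str) -> str:
        return self._data[key]

    def write(self, key: str, value: str) -> None:
        self._data[key] = value


class ReadOnlyProxy:
    """Attenuating proxy: forwards reads and simply has no write method."""

    def __init__(self, target) -> None:
        self._target = target

    def read(self, key: str) -> str:
        return self._target.read(key)


class PrefixProxy:
    """Proxy adding an arbitrary further restriction: only keys under a prefix."""

    def __init__(self, target, prefix: str) -> None:
        self._target = target
        self._prefix = prefix

    def _check(self, key: str) -> None:
        if not key.startswith(self._prefix):
            raise PermissionError(f"key {key!r} outside {self._prefix!r}")

    def read(self, key: str) -> str:
        self._check(key)
        return self._target.read(key)

    def write(self, key: str, value: str) -> None:
        self._check(key)
        self._target.write(key, value)


class RevocableProxy:
    """Proxy whose holder can be cut off later without touching the target."""

    def __init__(self, target) -> None:
        self._target = target

    def _live(self):
        if self._target is None:
            raise PermissionError("capability revoked")
        return self._target

    def read(self, key: str) -> str:
        return self._live().read(key)

    def write(self, key: str, value: str) -> None:
        self._live().write(key, value)

    def revoke(self) -> None:
        self._target = None


def package_matches(package_source: str, expected_sha256: str) -> bool:
    """Hash check: confirms the package's identity, says nothing about what it may do."""
    return hashlib.sha256(package_source.encode()).hexdigest() == expected_sha256


# Constructed "package": untrusted code that receives exactly one capability object
# and tries to overwrite a key before reading it back.
PACKAGE_SOURCE = (
    "def main(cap):\n"
    "    cap.write('secret', 'overwritten')\n"
    "    return cap.read('secret')\n"
)
# In practice this digest would be pinned out of band; here it is derived inline.
INTENDED_SHA256 = hashlib.sha256(PACKAGE_SOURCE.encode()).hexdigest()


def load_package(source: str) -> Callable:
    """Load the package's entry point; it gets no builtins, only the capability passed in."""
    namespace = {}
    exec(source, {"__builtins__": {}}, namespace)
    return namespace["main"]


def run_package(source: str, expected_sha256: str, cap) -> str:
    """Identity check first (hash), then confinement by whatever capability is handed over."""
    if not package_matches(source, expected_sha256):
        return "rejected: not the intended package"
    main = load_package(source)
    try:
        return "ok: " + main(cap)
    except (AttributeError, PermissionError) as exc:
        return "denied: " + type(exc).__name__


if __name__ == "__main__":
    store = Store()
    store.write("secret", "original")
    print(run_package(PACKAGE_SOURCE, INTENDED_SHA256, store))             # hash ok, full authority
    print(run_package(PACKAGE_SOURCE, INTENDED_SHA256, ReadOnlyProxy(store)))  # hash ok, write denied
```

With the full `Store` the hash check passes and the package still overwrites the key, which is the comment's point: the hash only told you which package you ran. Handing the same package a `ReadOnlyProxy`, a `PrefixProxy` for a different prefix, or a `RevocableProxy` that has been revoked leaves the stored value untouched, and each restriction is added by wrapping, not by changing the package or the store.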