On 6/25/10, Eric J Korpela <[email protected]> wrote: > 2010/6/25 Nicolás Alvarez <[email protected]>: >> On 6/25/10, Matt Arsenault <[email protected]> wrote: >>> You could have BOINC only run something it compiled itself from a signed >>> and >>> verified source. >> >> And you could also compile your own BOINC client without such check. >> Client-side checks are never effective, especially since BOINC is open >> source, but even if it wasn't. >> >> Besides, what you're suggesting would make BOINC violate the MilkyWay >> license (GPLv3). > > Why would shipping source code be a problem. Anyone could compile it > under LLVM or GCC as an anonymous platform app. BOINC already refuses > to run unsigned executables that it downloads. There's no reason it > couldn't refuse automatic compilation of unsigned source.
"You could have BOINC only run something it compiled itself from a signed and verified source" sounded like making BOINC not allow the user to compile apps himself and use them (ie. disable anonymous platform). That was a separate discussion to the main idea of making the client compile code. -- Nicolas _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
