On Thursday, February 22, 2018 08:43:38 Narcis Garcia wrote:
> Which is the principle for LibreJS to approve JavaScript functions
> and/or files?
> A license mention?

Can be regarded as necessary, but not sufficient.

> A signature?

Useful for creating a trust model between users and web parties, but this is 
already implemented by https+noscript, and it solves a different problem, not 
directly freedom-related.

> A well-known functions comparison? A code analysis? It replaces funcions?

A code analysis is pointless. Detecting obfuscated code, in particular, is an 
intractable problem. If you could define "obfuscated" formally, chances are, 
there would be a formal proof that the detection is unsolvable by a TM. But 
generally speaking, a good way to obfuscate is by writing a virtual assembly 
interpreter, and then feeding it "binaries" which appear to be perfectly 
cromulent, poetic even, JavaScript sources. And obfuscated code cannot be 
considered free.

None of this is purely academic. Dynamic, obfuscated JavaScript bitcash miners 
are all the rage right now. This is where we are today.

Attachment: signature.asc
Description: This is a digitally signed message part.

--
http://gnuzilla.gnu.org

Reply via email to