On Friday 06 April 2007, Geoffrey S. Mendelson wrote: > I have a philosophical question. With open source software how do you > make sure that the copy you are running was not modified to send > your accounting data to some "data collection" site?
You seem to be implying that there's a way to do this with proprietary software that doesn't work for free software. Is there? > If you compile your own copy of the program, which is the usual way > of preventing such "hacks", it would not be the program that > was tested and IMHO there would be no way to prove it without testing > it again. You can make sure the source code being compiled is the same, because it's usually signed. So you're saying the binary's correct behavior can't be deduced from an inspection of the source code followed by a test of a separately compiled binary on a system similar to yours (where the distro's packages are built). But if you don't trust your compiler to build correct code, or your distro's packaging process to catch backdoors, then how can you trust your libc or kernel? It's a lot bigger problem than whether some accounting software is duly certified. > How would the tax agency ascertain that the program that produced a > report was in fact the certified version of the program and not a > version modified in any way? > > Using computer programs to steal money or hide income from the tax > authorities is not a new or uniquely Israeli concept. How do they check this today, for proprietary apps running on Windows? Do they have remote root access to your machine to make sure you're running the software you claim you are? Are they planning on using TPMs with RA? More importantly, why can't they get as much information by verifying the data your app submits? After all, even with a duly certified and unmodified app the user still controls the input. The app has no more knowledge than is contained in its output. If I needed to mangle the input data to hide income, and the mangling was so complex a human couldn't do it, I'd write a separate app to do that. -- Dan Armak ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
