Tom and all,

> When was the last time you analysed the contents of your
> newly downloaded log4j.jar, just to make sure it didn't
> contain anything nasty? In that example, you trusted the
> download site (apache.org), and you trusted the download
> mechanism (HTTP - now that was risky!), and then you trusted
> the stuff you downloaded.

I think this is a key observation. The Jini mechanism for trust is based on trusting the source and the download channel, but that does not imply anything about the quality of the code you're about to execute. When you download anything manually (in your browser), you have time to decide whether or not you take the risk. Jini, however, is about programmatic clients doing this automatically without human intervention. The speed of execution is at a different scale. One would need semantic correctness checks, which is impossible to do right now.

We had bumped into this problem when we used Jini for distributed/parallel computation, and the only solution we could come up with was to have accountability and a mechanism for non-repudiation, i.e. your code can do stupid things but I'll catch you and make you pay for it. I don't know whether there is a universal solution to this; it is a very complicated problem.

Zoltan
