Distribute Parse Trees, Not Bytecode
Ka-Ping Yee
ping@lfw.org
Thu, 24 Jun 1999 00:37:30 -0700 (PDT)
On Wed, 23 Jun 1999 mzukowski@bco.com wrote:
>
> [#] Of course then you can't reconstruct the source, like Ka-Ping wants to
> for a human to analyze. But then again, how many people are going to really
> want to look at the source?
Everybody. Or, at least, enough people can vouch for a particular
signed abstract syntax tree that i can feel confident about running
it. The goal i have in mind is for anyone to be able to inspect the
code of whatever they download to run; then they can openly say,
"i believe that Myxtplzk version 0.2 is safe to run"; and then any
other end user can check the signature on the code they are running
to see that it is, indeed, the official Myxtplzk version 0.2, and
feel safe running it.
> Hmmm, two files instead of one?
Again, this (in my mind) entirely defeats the purpose of signing
the code. If you distribute source anyway, the AST becomes just
redundant. And how then can you be certain that the source you are
looking at is really the code you are running -- unless you compile
the source yourself, which is the extra work we were trying to avoid
in the first place?
-- ?!ng
"The streets are safe in Philadelphia. It's only the people who
make them unsafe."
-- Frank Rizzo, ex-police chief and mayor of Philadelphia