[sword-devel] Doctrinal Statement
Fri, 28 Jul 2000 23:38:58 -0700
At 05:48 PM 7/28/2000 -0700, Chris Little wrote:
>I think some kind of signing system is needed, possibly built into the
>module format itself. It may be time to update the sword module format to
>include some new features. Perhaps all modules should be encrypted such
>that they are only properly readable if they are unaltered, something like
>using their own checksum as an encryption key.
Yes. Something like that should be done. It should include some kind of
revision info also, so one can tell if one has a copy that is behind in
corrections/revisions. All of this kind of stuff should be in the module
data, not in a separate file. One should not be able to remove this info
without destroying the module. Also, a list of revisions for all known
Sword modules should be shipped with Sword, so the install program can
check previously installed modules to see if a better version exists.
Unknown modules could still be used; they just wouldn't produce any message.

But all of this is open source. Can't anyone take a text, edit it, and build
a module that will have valid security features at the local level? This is
why I think some optional remote security data is also good. Not required
to run, but there for those that want to do a check.
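
The point raised in this message, as an added example that is not part of the original post or of the Sword code: a checksum embedded in the module still validates after someone edits the text and rebuilds, while a comparison against a separately published digest list catches the change and also reports outdated revisions. The module layout, function names, and sample data are assumptions made for illustration, and the published list is assumed to come from a trusted source.

```python
import hashlib
import json

def build_module(text, revision):
    """Hypothetical format: SHA-256 of the body on line one, then the body."""
    body = json.dumps({"revision": revision, "text": text}, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest().encode() + b"\n" + body

def local_check(module):
    """Self-check using only data inside the module (no secret involved)."""
    digest, _, body = module.partition(b"\n")
    return hashlib.sha256(body).hexdigest().encode() == digest

def module_digest(module):
    return hashlib.sha256(module).hexdigest()

def check_against_list(name, module, published):
    """Compare a module with a digest list obtained from a trusted source.

    published maps module name -> {revision: digest of the official build}.
    """
    if not local_check(module):
        return "corrupt"
    known = published.get(name)
    if known is None:
        return "unknown"          # still usable, just no verdict
    revision = json.loads(module.partition(b"\n")[2])["revision"]
    if known.get(revision) != module_digest(module):
        return "altered"          # valid locally, but not an official build
    return "current" if revision == max(known) else "outdated"

# Constructed sample data (not real Sword modules).
OLD = build_module("sample text with a typo", 1)
OFFICIAL = build_module("sample text", 2)
PUBLISHED = {"demo": {1: module_digest(OLD), 2: module_digest(OFFICIAL)}}

# Anyone with the open-source tools can edit the text and rebuild the module.
REBUILT = build_module("edited sample text", 2)
# Accidental damage: one byte of the body changed without rebuilding.
DAMAGED = OFFICIAL[:-3] + b"x" + OFFICIAL[-2:]

if __name__ == "__main__":
    for label, mod in [("official", OFFICIAL), ("old", OLD),
                       ("rebuilt", REBUILT), ("damaged", DAMAGED)]:
        print(label, local_check(mod), check_against_list("demo", mod, PUBLISHED))
    print("other", check_against_list("other", OFFICIAL, PUBLISHED))
```
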